A phishing gang that was behind a lethal campaign of attacks that earned them millions was recently broken up by the combined efforts of European law enforcement teams.

The criminal network tricked its victims by luring them to fake webpages that resembled legitimate banking websites. Phishing sites are a common tool used by threat operators and are designed to steal private credentials. Unwitting victims often follow links from phishing emails that take them to bogus login pages.

Credential harvesters under wraps

According to officers in charge, the fraud and phishing ring managed to steal millions of euros from multiple victims while active by fooling victims into disclosing the passwords and usernames associated with their personal bank accounts. The recent operation to break the ring involved law enforcement agents from Europol and teams from both the Dutch and Belgian police forces.

Coordinated police raids occurred on June 21 and involved 24 different homes being searched. During the raids, officers seized firearms, jewellery, electronic devices, cryptocurrency, and cash stores as evidence. As a result of the successful operation, nine arrests were made.

According to a statement from Europol, the gang’s criminal activities were not limited to phishing attacks but also included other scams and fraud, along with money laundering. Additionally, certain members of the phishing ring have also been connected to several open police cases that involve potential firearms and drug trafficking activity.

Classic phishing attack architecture

The threat actors behind the attacks used tried and tested phishing tactics on the victims from whom they stole. The selected targets were contacted with malicious phishing messages that were sent by a variety of different channels, including emails, text messages and missives from messaging apps designed for mobile phones.

The messages themselves contained phishing links that, if clicked on, took recipients to bogus versions of established banking websites. Imitating log-in pages, they tricked victims into adding their private banks credentials, effectively giving the gang the passwords and usernames they required to take money from their accounts.

The phishing gang took the money by employing “money mules” to transfer funds from accounts belonging to the victims before cashing it out.

The June raids were informed by Europol, offering strong support to the Dutch and Belgian police forces by aiding them with operational coordination, information sharing, and delivering analytical support to the investigation. In the operation itself, the European law enforcement agency also provided support to the investigative teams on the ground, as well as technical and forensics expertise.

Among the most basic types of cybercrime, phishing attacks that target financial information are also some of the most effective and account for billions of pounds lost each year. Not all phishing attacks are aimed at stealing financial credentials, however. Bogus sites do not always resemble banking sites but can be made to look like company portals and data sharing platforms. Additionally, links in phishing messages can also download malware if clicked on, infecting company devices and the networks to which they are connected.