The Civil Guard has arrested 101 people in Madrid and Barcelona for defrauding one million and one hundred thousand euros by sending fraudulent mass SMS. The detainees impersonated the banking entities by sending, indiscriminately, mobile phone messages to the possible victims.
In these messages, they were warned about illegal charges, illegal access to their accounts and other online banking operations. By facilitating access by clicking on the links, these individuals inadvertently authorize the criminal to make transfers and other money transfers.
During the course of the process, the victim believes that they are correcting or repairing security flaws detected by the bank itself. However, she is quickly providing all the information requested and involuntarily authorizing the theft of her money.
Investigators have so far been able to recover 383,000 euros of the stolen money. This macro-operation against fraudulent SMS that pretend to be from a bank, has been developed throughout this year, and has spread to other countries such as Belgium, Estonia, France, Italy, Lithuania and Malta, where the detainees had bank accounts with the money illegally obtained.
So far this year, the Civil Guard has received more than a thousand complaints for crimes of this type in Cantabria alone. In this operation -developed by the Civil Guard Team in Cantabria- there are a total of 350 identified victims. The detainees are being investigated for the crimes of fraud, belonging to a criminal organization and money laundering.
The main criminal techniques used have been, on the one hand, smishing, which consists of providing the victim with a link to resolve an incident in their bank account that does not really exist. Customers click on the link and are redirected to a page where a series of data is requested, which really facilitates criminals’ access to their online banking.
On the other hand, there is vishing, which consists of calling the injured party, posing as an employee of the bank of which they are clients, reporting that an incident is taking place in their bank account, and that they are going to receive an SMS, that must be provided to the interlocutor to resolve the incident. Once the code received is provided by the injured party, it allows the authorization of the denounced operation.
To gain the trust of the affected parties, they use spoofing, a technique that consists in making the phone call from a masked number, which is presented to the recipient as coming from a trusted bank.
