A specialized task force of the Ukrainian Police managed to arrest a hacking group that would have stolen the confidential financial information of up to 70,000 people using a complex phishing operation based on fake websites to top up mobile services. The authorities arrested a total of five individuals, who in addition to the phishing charges will face penalties for the operation of a marketing campaign for the online positioning of the websites used in this scam.
According to the report, this fraud was possible due to reduced security measures on the Internet, especially when an individual or company wants to place ads or enable a website with electronic transaction functions. The defendants used some 40 fraudulent websites, connected to a server under the control of an accomplice of the group working as a systems administrator. The operator of this server remained at large at the time of writing.
This group also had the collaboration of three people who acted as mules and facilitated a money laundering operation. Police estimate that this group caused losses of up to $175,000 USD, of which $70,000 USD in cash has been confiscated so far, in addition to the seizure of smartphones, laptops, computers, bank cards and other items related to the fraudulent operation.
All those arrested could be found guilty of at least three violations of Ukraine’s Criminal Code, for which they could be sentenced to more than 20 years in prison. So far it is unknown when the trials against those arrested will begin.
While the fraudulent operation has already been dismantled, users who entered their information on these websites are advised to take the necessary steps to protect themselves against other attacks, including disabling the paid cards entered and reporting the malicious websites.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.