20 hackers arrested in EUR 1 million bank phishing scam
Criminals faked e-mails from tax authorities to defraud bank customers across Italy and Romania out of EUR 1 million
29 March 2018
Joint Eurojust/Europol press release
A two-year long cybercrime investigation between the Romanian Directorate for Investigating Organised Crime and terrorism – Central Structure, Romanian National Police, the Prosecution Office of Milan and the Italian National Police, with the support of Eurojust, Europol and its Joint Cybercrime Action Taskforce, has led to the arrest of 20 suspects in a series of coordinated raids on 28 March. Nine individuals were detained in Romania and 11 were arrested in Italy for banking fraud that netted EUR 1 million from hundreds of customers of two major banking institutions. The Romanian authorities have conducted 15 house searches involving 120 Romanian police officers, while the Italian authorities carried out 9 home and computer searches, involving more than 100 Italian police officers. Documents, IT devices, drugs and other materials were seized in Romania and Italy.
The organised crime group (OCG), comprised of Romanian and Italian nationals, used spear phishing e-mails impersonating tax authorities to harvest the online banking credentials of their victims.
While the most common phishing scams generate millions of generic e-mails, spear phishing e-mails are personally addressed to targeted stakeholders with content to make them appear to be sent from a reputable source, such as a bank. Recipients are encouraged to click on a link, which will lead to a fake version of a legitimate website from which their account or contact details can be stolen.
The investigation, initiated in 2016, uncovered how the criminals used the stolen online banking credentials to surreptitiously transfer money from the victims’ accounts into accounts under their control, and from there withdrew the money from ATMs in Romania with credit/debit cards linked to the criminal accounts.
The highly organised OCG pursued its criminal activity using encrypted chat applications. It established its power by applying intimidating and punitive methods towards affiliates and competitors. The OCG is also suspected of money laundering, drug and human trafficking, prostitution and participation in a criminal organisation.
During the investigation, Europol supported the case by providing tailored intelligence analysis and expertise to the investigators and deploying mobile offices on the action day to both countries. Several coordination and operational meetings took place prior to the action at Eurojust and Europol.
Eurojust ensured close cooperation and coordination among the prosecuting and investigating authorities in both Romania and Italy. During two coordination meetings held at Eurojust in March and October 2017, decisions were taken to facilitate the execution of coordinated actions with simultaneous arrests and searches, prevent a conflict of jurisdiction (ne bis in idem issue), continue the parallel investigations and exchange of information, and organise a coordinated action day. On 28 March, a coordination centre was set up at Eurojust, facilitating the exchange of information between the involved countries and providing a final global overview of the results.
Due to the demanding investigative measures run on an international level, the Romanian and Italian judicial authorities requested the establishment of a joint investigation team (JIT), which was set up in March 2017 between Italy and Romania with the assistance of Eurojust. Eurojust also facilitated the funding process of the JIT. The JIT allowed for efficient cooperation and coordination, including the continued exchange of information and evidence between Italy and Romania.