Spanish police have arrested 40 individuals under suspicion of involvement in a major criminal group that earned over €700,000 through phishing scams. Two hackers and 15 alleged members of the Trinitarios group were among those detained, with charges ranging from belonging to a criminal organization to money laundering. The group’s activities were funded by both phishing and banking fraud, which it used to purchase drugs and weapons, pay for lawyers for imprisoned members, and transfer money directly to gang members.
According to police sources, the suspects sent phishing SMS messages to their victims, pretending to be the bank. The messages claimed that there was a security problem and urged the victim to click on a link to solve it. Once the victim clicked on the link, they were redirected to a fake login page where they were asked to enter their account details. The hackers then used this information to access real accounts, making loans and linking the victims’ cards to virtual wallets on their phones.
The cybercriminals then used the stolen cards to purchase cryptocurrency, which they exchanged for fiat currency and placed in a “common box” for future use by all members of the group. The group also used the stolen bank details to direct cash mules to withdraw funds from ATMs or receive them through bank transfers. They also made false purchases through fictitious cosmetic companies using POS terminals.
During the operation, 13 searches of houses were conducted in Madrid, Seville, and Guadalahahara, revealing a list of 300,000 Fishing victims, €5000 in cash, computer equipment, and seized locking devices. Some of the funds were even sent abroad and used to buy real estate in the Dominican Republic.
Phishing scams continue to be a major problem for both authorities and individuals globally, highlighting the importance of remaining vigilant and staying informed on the latest fraud tactics.