14 DAY TRIAL // A total of 13 individuals have been arrested since the end of January 2014 by Dutch and Belgian authorities as part of an investigation targeting a cybercriminal organization.
Belgium’s federal prosecutor has been collaborating with Eurojust and Dutch law enforcement agencies to bring the alleged members of the crime ring to justice.
According to the Belgian federal prosecutor’s office, cited by De Tijd, the group relied on phishing and vishing (voice phishing) to trick their victims into handing over the information needed to access their bank accounts.
First, they sent potential victims phishing emails that purported to come from a Belgian bank. The messages informed recipients of security threats and asked them to visit a fake bank website where they were asked to enter personal information, including their login credentials and phone numbers.
Once they obtained this information, the cybercrooks called up their victims and instructed them to perform a security update. In this process, victims were asked to hand over the one-time passwords (OTPs) generated by the tokens provided by the bank.
These devices ensure that even if the login credentials are compromised, unauthorized transactions can’t be performed without entering an OTP.
After they gained access to victims’ bank accounts, the fraudsters transferred money into the accounts of other members of the conspiracy.
Belgian authorities have been tracking the criminal organization since the end of 2012. They cooperated with Dutch law enforcement to identify them.
Eleven of the arrested suspects are from Belgium. Most of them were those to whose bank accounts the stolen funds were transferred. Two individuals suspected of being the masterminds of the operation were arrested in the Netherlands.
One of them, a woman from the city of Hilversum, has already been handed over to the Belgian authorities. Belgium has also asked the Netherlands to surrender the second suspect who’s believed to be a leader of the operation.
It’s well known that unlike in other parts of the world, it’s more difficult for cybercriminals to target the customers of European banks because of the security systems implemented by financial institutions. However, it’s not impossible.
Fraudsters have come up with all sorts of methods to get their hands on the information they need to gain access to bank accounts.
Vishing is an old method, but it’s still efficient. PhishLabs has recently issued a warning about cybercriminals relying on voice phishing to target the customers of midsize US financial institutions.