14 DAY TRIAL // Law enforcement officials in the Netherlands have arrested two suspects of a Dutch cybercriminal organization that engaged in developing, renting, and selling advanced phishing frameworks to other actors in a scheme known as fraud-as-a-service, according to The Hacker News.
The attacks mainly targeted users in Belgium and the Netherlands. The suspects, identified as a 15-year-old juvenile and a 24-year-old software engineer, are suspected of being the primary developers and providers of phishing tools used to grab login information from bank users. The Dutch Police reports that the 15-year-old suspect has been released from custody and is since then awaiting an inquiry into his cybercrime activities.
Cybersecurity firm Group-IB believes the cybercriminal organization known as Fraud Family has been active since at least 2020. Their frameworks include phishing kits designed to steal information and web panels. The latter allows scammers to interact in real time with the actual phishing website and retrieve users' stolen information.
Cybercriminals designed scams that included WhatsApp messages and malicious links in email bodies
The scammers were posing as a buyer on a Dutch classifieds platform to contact a seller and then moved the conversation to WhatsApp to lure the seller to a phishing website. SMS messages, malicious links in emails, and WhatsApp messages sent from Fraud Family posing as well-known local brands send the unwitting recipient to phishing websites owned by threat actors to steal credit card information.
Researchers at Group-IB noted that phishing websites provide a high level of personalization by posing as a legitimate Dutch marketplace. The fake sites were pretending to use a popular online commerce payment system, to direct victims to a fake banking website from which the victim's credentials are deducted based on the bank they choose.
Web panels, one of which is a fork of another panel known as U-Admin, were priced between €200 and €250 a month, according to messages posted by the group on Telegram. Other cyber criminals could choose between the Express Panel and the Reliable Panel. Up to this point, no less than eight Telegram channels run by Fraud Family have been uncovered, with the channels collectively having a total of 2,000 subscribers between them.