New scam formula known as phishing. The Economic and Fiscal Crime Unit (UDEF) of the Superior Headquarters of Police de Aragón has detained eight Spaniards in Zaragoza, aged between 18 and 43, as allegedly responsible for belonging to a criminal group and committing numerous crimes of fraud. The events originated on November 13, when the manager of a bank branch called 091 to alert that a man tried to withdraw money from an ATM without a cardto. The woman offered to help him and confirmed that the account holder was someone else.
A patrol of the Operational Response Group (GOR) went to the place and corroborated the information provided by the bank manager. Agents discovered that the man had withdrawn 2,490 euros the day before at the same ATM, belonging to another owner who had already reported the fact, for which they proceeded to his arrest.
The following day, a second individual tried to make a withdrawal at the same ATM located in the center of the Aragonese capital. Once again, the bank manager alerted the National Police and the Citizen Security agents verified that he intended to withdraw 2,500 euros from a foreign account.
These two arrests began an investigation led by the Provincial Judicial Police Brigade, which allowed the identification of another of the perpetrators. The latter would have recruited the first two to carry out the cash withdrawals at ATMs using data obtained through ‘phishing’ in online banking applications.
The modus operandi to make these withdrawals without a card consisted of entering the DNI/NIE number, date of birth, security code and a text message with a code at the ATM. The scammers they obtained this data from the victims by posing as bank employees or managers and convincing them that they had to provide the information to void a fraudulent transaction.
The collector was also being investigated for alleged purchases on online platforms using third-party cards. In this case, the modus operandi involved acquiring bank card data and making massive purchases on various web pages, modifying phonesdelivery addresses and recipient identities.
The investigation allowed the identification of several people, including three of those previously detained, who were in charge of making more than 500 online purchases and acquiring products at no cost to them. The leader of the organization, a 27-year-old man, fraudulently obtained customer data from financial institutions and provided it to the rest of the group to appropriate money at ATMs or make massive purchases on the Internet.
These people, known as ‘mules’, are the lowest link in the organization and are in charge of carrying out the most visible actions of the scam, such as withdrawing money at ATMs or making purchases online and collecting orders personally.
The eight detainees five of which accumulate more than 70 records, were arrested in different phases between March 15 and 28. Three of them were handed over to the magistrate of Zaragoza Investigating Court number 4, who decreed their freedom with charges, assisted by the lawyer Olga Oseira.
This police operation highlights the importance of citizen collaboration and the work of the authorities in the fight against cybercrime and fraud. Online banking users are advised to remain alert to possible phishing attempts, never provide personal data over the phone and report any suspicious activity to the relevant authorities.