Spanish police arrest 55 people involved in wide-ranging cyberscam operation

At least 55 people were arrested by the Spanish National Police on Thursday for their alleged involvement in a wide-ranging cybercrime operation that involved phishing scams, SIM swapping and more.

The group — which called itself the “Black Panthers” and was based in Barcelona — operated in four separate cells that stole about €250,000 from nearly 100 people through a variety of scams that involved the takeover of bank accounts. 

In a statement, the Spanish National Police said they conducted raids on seven homes and found a range of cryptocurrency hardware, 45 SIM cards, 11 mobile phones, four laptops, a “high-end vehicle” and troves of documents related to the group’s scams. They noted that one of the leaders of the gang was among the 55 arrested.

One way the group conducted scams was through a practice called “SIM swapping” – where hackers contact a victim's mobile telephone provider and convince them to port the victim's phone number to the fraudster's SIM card. 

From there, the cybercriminals could circumvent two-factor authentication and take control of a victim’s bank account, allowing them to make fraudulent transfers. Police officials said the gang typically transferred funds to a network of mules spread throughout Israel, Jordan, Lebanon and Syria.

“Vishing [voice phishing] was the most widely used technique to obtain duplicate SIM cards. They did it directly to well-known telephone and telecommunications companies in our country, posing as customers whose data they already had after having carried out phishing attacks on the employees of the telephone operators themselves,” the Spanish National Police said.

In other cases, the group posed as employees of a technical service in an effort to steal the credentials of telecom employees.

These scams gave them even wider access to the databases of telephone operators themselves and allowed the group to obtain even more personal data of victims, making the SIM swapping process even easier.

Spanish Police officials added that the group also bought National Identity Documents and credit card numbers off of the dark web, and their investigation uncovered a cell of the group that specialized in cloning bank cards.

“The cloned cards were used to purchase luxury products (which they collected at the delivery points by displaying the physical ID cards stolen or purchased on black markets) to later resell them in stores and second-hand pages in order to hinder the traceability of the product while bringing them great profits,” officials said.

Barcelona has been a hub for cybercriminals in recent years, with Spanish Police disrupting several cybercriminal organizations including the group behind popular Android malware FluBot. Other Spanish areas like Madrid, the Canary Islands and more have seen cybercriminal-related raids over the last year.

At least one Spanish national was arrested in October as part of Interpol raids on an organized crime group in Europe that sold technology allowing thieves to hack and steal keyless entry cars.