There are eight detainees based in Catalonia and acting throughout Spain who, through malicious messages and posing as a bank, obtained personal information and bank details to access the accounts of the victims whose identity they usurped through the falsification of official documents.
With this, they deceived the employees of phone stores to obtain duplicate SIM cards and, in this way, have access to the bank's security confirmation messages. In this way they could operate in online banking and access bank accounts to empty them after receiving security confirmation messages from the banks.
The first investigations took place in March of last year when the agents received two complaints for fraudulent bank transfers in different geographical locations in Spain. Both injured parties denounced that they had accessed online banking without their consent to carry out bank transactions.
Although the initial steps took place in remote places, the investigations led the investigators to the province of Barcelona, ​​where those now detained laundered the defrauded money operating through bank transfers and digital instant payment platforms.
The modus operandi used by the organization was primarily about the more traditional variant of the phishing method, that is, through SMS, email or instant messaging in which they pretended to be a trusted person or company to obtain confidential information such as bank passwords, credit card numbers or even copies of the DNI.
By not having the physical document, but a photocopy, they tried to simulate a physical appearance similar to the legitimate owner of the DNI that appeared in the photograph and thus convince the employees. Through this method they managed to usurp the identity of the victims to request a duplicate SIM card.
After obtaining the SIM card, the victims lost the coverage signal on their phones, since when activating the duplicate it was immediately deactivated, leaving the line in the hands of those arrested, at which time the fraudsters received the messages from the bank with the necessary keys to authorize transactions.
For this, they used online banks from various European countries, and even on behalf of victims to make it difficult to trace and locate the money.
Finally eight people were arrested - seven in Barcelona and one in Seville - and twelve bank accounts were blocked. ■