sent at least 71,000 messages with fake websites



Agents of the Mossos d'Esquadra have dismantled a criminal group specialized in SMS scams that they had sent at least 71,000 bogus messages to potential victims. There are four men arrested, as reported this Friday by the Catalan police force, aged between 19 and 27 years.



Despite practicing the smishing, the variant of phishing that uses social engineering techniques through SMS, taking into account the modus operandi described by the Catalan police, in principle, this group would not be related to FluBot, the banking Trojan that is estimated to have infected 60,000 phones and stolen the number of 1 in 4 Spaniards. Though the investigation is still open.






The alleged scammers, according to the Mossos, made duplicates of the victims' SIM cards to control the validation codes sent by banks. Thus they were able to make money transfers from accounts, as well as purchases, without being noticed




They impersonated banks and operators through linked websites in text messages




Sim Card 4475643 1920



The agents of the Criminal Investigation Division of the Barcelona Metropolitan Police Region of the Generalitat-Mossos d'Esquadra Police explain that the investigation began during the month of October 2020 after the presentation of a complaint. A person reported having been the victim of a scam through a fraudulent SMS.



The way this group operated consisted of the sending text messages with a link to fake web pages that impersonated banks or mobile phone operators. The objective of these portals was to seize the access credentials. They also supplanted logistics companies, such as FedEx, Correos or DHL, and insurance companies.




This scam used fraudulent websites to seize access credentials to bank accounts and mobile phone services




SMS They warned that the keys and passwords of the impersonated services would be canceled if they did not access the indicated links. Something similar to what happened in the case of the attack of phishing that was supplanting BBVA of which we spoke at the end of last January.




Once the objective credentials have been obtained, the Mossos explain, the scammers duplicated the SIM card of the victim's mobile line with a dual purpose. "On the one hand, to access the operational validation codes sent by the banking entities and, on the other, to prevent the victim from becoming aware of the fraudulent operation carried out with the bank accounts and credit cards that were linked," they explain it's a statement.



The agents have credited the sending of a minimum of 71,000 text messages and the accommodation of Fraudulent websites on servers located in the Cayman Islands.




The court has decreed prison for two of the detainees, those who allegedly formed the leadership of this criminal group according to the Catalan police







Credit Card 1591492 1920









How (and to whom) to report Internet fraud and SMS scams such as WhatsApp, FedEx or Correos





Scammers carried out money transfers, as well as high-end mobile purchases with the victims' bank cards, says the police force. These cards were sent to people residing in the province of Madrid, to whom the scammers paid to receive the packages.



The alleged perpetrators of the crime of fraud and belonging to a criminal group were arrested last Tuesday, March 2, going to court on March 4. For two of the arrested, those who the investigation considers to be the top of the group, the court decreed prison. The other two were released with charges with the obligation to appear every 15 days in court. During the arrests, the agents found cash, laptops, various documents "that will be analyzed" and part of the loot: high-end mobile devices, "many of them sealed", of which they had acquired with the money from the victims of the scam.