Case in point: Spain’s Directorate-General of the Police (DGP) earlier this month issued a press release detailing the takedown of a major underground criminal operation specifically designed to phish credentials from phone owners whose devices had been pilfered.
The busted cybercriminals operated and marketed an online phishing-as-a-service platform called iServer through which phone thieves could create imposter web pages that impersonated the websites of mobile phone manufacturers.
Using open-source intelligence, the thieves would then find out how to get in contact with their victims and send them SMS-based “smishing” messages, luring them to a fake website via a malicious link, under the pretense that they could locate and recover their devices.
In some cases, the perpetrators would even call up the victims (aka “vishing”) in order to gather additional information that could help them personalize the phishing campaign and make it more convincing. Indeed, “prior to unlocking the device, the organizations carried out social profiling of the victims, since in many cases, in addition to the stolen device, they also had the victim’s personal belongings – such as personal documents,” noted a press release issued by the DGP.
Once directed to the phishing site, victims would be asked to enter their unlock codes. The cybercriminals would then provide these codes to the individuals who had purchased the stolen phones from them.
This scheme is typical of the psychological ploys used by cybercriminals, who often try to take advantage of vulnerable individuals in stressful situations, since those individuals may respond impulsively out of emotion rather than applying logic, reason and common sense to their actions. This is why it is important for email users to think carefully before clicking on questionable links or revealing credentials or other key information about themselves.
The crackdown on this criminal enterprise network was jointly conducted by Europol and the Specialized Cybercrime Center of Ameripol, and aided via research from Group-IB. Dubbed Operation Kaerb, the coordinated effort took place between Sept. 10 and 17, and resulted in 17 arrests in six countries across Europe and Latin America.
As a result of this law enforcement effort, the iServer platform was deactivated and its user traffic was rerouted to a domain run by the police. Before its demise, the platform had been operated for at least five years and racked up around 483,000 victims – primarily Spanish-speaking victims from European, South American and North American countries – while unlocking approximately 1.2-1.3 million mobile phones.
Via its own press release, Europol recommended that citizens “think twice before clicking on any links and attachments as criminals could be trying to phish or smish you.” The law enforcement agency also recommended running antivirus software on all electronic devices, regularly updating security software and operating systems, and creating unique passwords for all online accounts.