The Spanish National Police have arrested 55 members of the ‘Black Panthers’ cybercrime group, including one of the organization’s leaders based in Barcelona.
The gang was operating four specialized activity cells dedicated to social engineering, vishing (voice phishing), phishing, and carding, having a very organized structure.
The arrested leader coordinated the cells and recruited new members and money mules.
“The criminal group consisted of a network structure, made up of interconnected and perfectly defined action cells, whose division of tasks dealt with knowledge, accessibility to stolen information, and experience,” reads the police’s announcement.
The ultimate goal of the gang was to perform SIM swapping attacks, which is to port a target’s phone number to the attacker’s device. By porting the number, the attackers now gain access to the victim’s text messages and can use it to bypass 2FA protection on their bank accounts and empty them.
For the SIM swapping, the fraudsters used a combination of phishing, vishing, and call forwarding to impersonate the identities of their targets when talking to mobile service provider customer support agents.
In some cases, the scammers even acted as service technicians for local reseller offices of the targeted telecom firms, stealing the account credentials of their employees.
“This gave them access to the database of the telephone operators themselves and allowed them to obtain the personal data of the victims, making duplicate SIM cards themselves.” – Policía National.
Once they got access to the bank accounts of their targets, they made multiple transfers to a network of “money mules” located on the Levantine coast.
According to the investigators’ estimates, ‘Black Panthers’ managed to defraud at least 100 victims before their arrest, stealing 250,000 euros ($260,000) in the process.
The police’s investigation also revealed that the ‘Black Panther’ gang had an active presence on the dark web, where their “carding” cell bought ID and credit card numbers using cryptocurrency.
The crooks used the purchased info to buy various luxury products from online shops and then resell them as second-hand items to unsuspecting buyers, effectively laundering the money.
During the police raids in seven homes, 45 SIM cards, 11 mobile phones, four laptops, a hardware cryptocurrency wallet, and plenty of documentation relating to the crimes were found and confiscated.