Europol, in collaboration with Ukrainian and Czech police, has successfully dismantled a criminal gang responsible for a sophisticated vishing scam that targeted bank customers in Czechia, resulting in the theft of millions of dollars. Ten suspects, aged between 18 and 29, have been apprehended in connection with this multimillion-dollar fraud operation, according to a press release from Europol.
The joint investigation, initiated by Europol, culminated in the arrest of four individuals in Czechia and six in Ukraine in April 2023. Subsequently, those detained in Ukraine were extradited to face charges in Czechia.
During the operation, law enforcement seized crucial evidence, including SIM cards, mobile phones, and computer equipment, from the suspects’ locations in Czechia (specifically Domazlice, Rokycany, and Plzen) and Ukraine (Dnipropetrovsk). Some of the arrested individuals had prior records involving drug offenses, violent crimes, and document forgery.
The criminal organization, headquartered in Ukraine, executed vishing attacks against Czech victims through call centers. Using spoofed phone numbers, the scammers posed as bank security officers, employing a fraudulent technique known as vishing, a combination of voice and phishing.
The unsuspecting targets were informed that their bank accounts had been compromised, and the scammers coaxed them into divulging sensitive banking information, including credit card details and login credentials. To further deceive victims, the fraudsters even made phone calls impersonating police officials to confirm the alleged hacking.
Once trust was established, the scammers persuaded victims to transfer funds from their supposedly compromised accounts to what they claimed were “secure” accounts controlled by the criminals. In Czechia alone, these fraudulent activities yielded approximately $8.7 million (€8 million).
The intricate scam was brought to light by the Czech Republic police, who initiated an investigation in November 2021 and sought assistance from Eurojust. In response, Europol formed a joint investigation team in June 2022, consisting of officials from Europol’s European Cybercrime Centre (EC3) and investigators from both Czech and Ukraine. The agency facilitated five meetings to enhance judicial cooperation among the involved authorities.
Describing the criminal gang’s activities as one of the “most extensive series of frauds committed through fake bankers,” the police emphasized the scale of the operation.
Currently, Europol is engaged in analytical work and is providing digital forensic support for the seized equipment. Vishing fraud has gained prominence recently, exemplified by a September 2023 incident involving the ALPHV (BlackCat) ransomware gang, which exploited vishing to breach MGM Resorts’ security.
To safeguard against such scams, individuals are advised to exercise caution with unsolicited phone calls, note the caller’s number, and independently verify their identity by calling the organization. Skepticism is encouraged, especially when callers possess basic personal information, as this could be obtained from social media. Finally, individuals are reminded to keep their credit/debit card PINs and online banking passwords private, as legitimate bank representatives would never request such information.