KEEPNET LABS > Blog > Interpol and Europol Operations Against Phishing Gangs Demonstrate the Severity of Malicious Emails Threat

Interpol and Europol Operations Against Phishing Gangs Demonstrate the Severity of Malicious Emails Threat

Two significant operations made headlines in the previous two months. Two renowned international law enforcement agencies, Interpol and Europol, conducted operations against phishing email gangs. This is a significant signal that sending fraudulent emails poses a substantial threat to both businesses and individuals.

In the last two months, two large operations hit the headlines. Operations against phishing email gangs were carried out by Interpol and Europol, two prominent international law enforcement organizations, another significant indication that spreading malicious emails is a serious threat to both businesses and individuals.

Online frauds using social engineering refers to schemes that persuade victims to provide private or sensitive information so that it can be utilized for illicit financial advantage. Phishing is a significant one of the various fraudulent activities carried out through social engineering. It is the practice of tricking people into disclosing their personal or financial information by sending them misleading emails, texts, or phone calls that appear to be from a reputable source, such a bank or e-commerce site.

Advanced ransomware gangs are allegedly driving more phishing efforts, and as a result, some firms are reporting up to five security incidents every quarter, according to new survey results from CRA Business Intelligence.

An organized crime gang engaged in phishing, fraud, scams, and money laundering was dismantled as a consequence of a cross-border investigation coordinated by Europol and several other entities including the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie). The operation on June 21 resulted in 24 house searches, 9 arrests, and the confiscation of weapons, ammunition, jewelry, electronics, cash, and cryptocurrencies in the Netherlands. Victims were approached by the criminal organization using email, text message, and mobile messaging services. The gang members who sent these messages included a phishing link that went to a fake banking website. The victims were tricked into giving the suspects their financial information under the impression that they were seeing their own bank accounts on this website.

According to the investigation leads, the criminal organization used this fraudulent practice to steal several million euros from its victims. To transfer these funds from the victims’ accounts and to withdraw the money they had gained unlawfully, they utilized money mules. Members of the gang have also been linked to drug trafficking and potential trafficking in weapons crimes. Information interchange, operational coordination, and analytic support for the inquiry were all made possible by Europol. Three specialists from Europol were sent to the Netherlands as part of the operation to offer forensics, technological knowledge, and real-time analytical support to on-the-ground investigators.

In May 2021, the police operation, codenamed Delilah, was initiated by an intelligence referral from Group-IB. Group-IB, one of the global leaders in cybersecurity, has assisted in the INTERPOL-coordinated investigation aimed at disrupting a transnational phishing syndicate, called TMT, also known as SilverTerrier. The intelligence was then enriched by analysts within INTERPOL’s Cyber Fusion Centre. INTERPOL’s African Joint Operation against Cybercrime (AFJOC) then referred the intelligence to Nigeria and followed up with multiple case coordination meetings supported by law enforcement in Australia, Canada and the United States.
“You are subject of a Red Notice, pay me!”

In addition to a specific incident, Interpol is aware of frauds that use its name. These are typically used to persuade individuals to give money to the scammers, who utilize the name of Interpol because it seems reputable and serious. Some scammers even go so far as to generate bogus mails using Jürgen Stock’s name and picture as the Interpol Secretary General. In order to put pressure the receiver into paying money, such letters may make the false assertion that they are the subject of a Red Notice. It’s vital to remember that Interpol never makes direct contact with the public, never asks money from anyone, and never requests bank information or any type of money transfer. Additionally, they requested that no one should be duped by letters or emails with what appear to be official stamps or names. These emails are fraudulent.

Security Awareness Training is Strategic

Phishing targets both people and computer systems, thus the defense must protect against both. As it becomes one of the mottos of cyber security: “Human is the weakest link”. Therefore, it would be strategically wise move to strengthen the weakest link by providing effective training. In case someone does manage to get through, layering defenses is crucial, and having an incident response strategy is very essential as well. Following are recommendations on how to defend against phishing attacks:

  1. Training employees on security awareness
  2. Filtering emails for phishing threats
  3. Updating client-side operating systems, software, and plug-ins
  4. Specifying/Hardening clients
  5. Blocking Internet bound SMB and Kerberos Traffic
  6. Detecting malware on endpoints
  7. Detecting compromised credentials and lateral movements
  8. Implementing 2 factor-authentication
  9. Enabling SPF and DKIM
  10. Having an incident response plan


Our Newsletter

Sign up to learn about the latest threats, hacking methods, and news.