Police in Romania, the Netherlands, and Ireland have arrested and charged twenty-three people accused of conducting sophisticated social engineering attacks. The organized crime group used phishing sites that purported to sell bogus goods, and raked in around one-million euros.

“A sophisticated fraud scheme using compromised emails and advance-payment fraud has been uncovered by authorities in Romania, the Netherlands and Ireland as part of an action coordinated by Europol,” Europol said. “On 10 August, 23 suspects were charged as a result of a series of raids carried out simultaneously in the Netherlands, Romania and Ireland. In total, 34 places were searched. These criminals are believed to have defrauded companies in at least 20 countries of approximately €1 million.”

Europol notes that the criminal group adapted their themes in 2020 to exploit the COVID-19 pandemic.

“The fraud was run by an organised crime group which prior to the COVID-19 pandemic already illegally offered other fictitious products for sale online, such as wooden pellets,” Europol said. “Last year the criminals changed their modus operandi and started offering protective materials after the outbreak of the COVID-19 pandemic.”

The criminals set up spoofed websites impersonating real wholesalers to trick people into paying for phony items.

“This criminal group – composed of nationals from different African countries residing in Europe, created fake email addresses and webpages similar to the ones belonging to legitimate wholesale companies,” Europol stated. “Impersonating these companies, these criminals would then trick the victims – mainly European and Asian companies, into placing orders with them, requesting the payments in advance in order for the goods to be sent. However, the delivery of the goods never took place, and the proceeds were laundered through Romanian bank accounts controlled by the criminals before being withdrawn at ATMs.”

New-school security awareness training can enable your employees to recognize social engineering attacks.