Europol Warns of Growing Vishing Trend as Criminals Exploit Phone Calls for Massive Financial Gains
Ukrainian and Czech police under the supervision of Europol have dismantled a criminal gang that stole millions of dollars from bank customers in Czechia through vishing scams. According to Europol’s press release, the police also arrested ten suspects (aged 18-29) in connection with the multimillion-dollar fraud ring.
A joint investigation was initiated by Europol that led to the arrest of four individuals in Czechia and six in Ukraine in April 2023. Those arrested from Ukraine were later extradited to Czechia.
During the crackdown, investigators seized SIM cards, mobile phones, and computer equipment from the suspects’ vehicles, call centers, residences, and offices located in Czechia (Domazlice, Rokycany, and Plzen) and Ukraine (Dnipropetrovsk). Some of the suspects had a history of drug offences, violent crimes, and document forgery.
The criminal organization, based in Ukraine, conducted vishing attacks against Czech victims. They operated from call centers in Ukraine and called bank customers using spoofed phone numbers, posing as bank security officers. This scamming method is called vishing (created by combining voice and phishing).
The targets were told that their bank account was hacked and lured into revealing their banking data, such as credit card numbers, login credentials, and other details. Scammers also made phone calls pretending to be a police official to confirm the hacking.
After gaining trust, the scammers persuaded their victims to transfer funds from their “compromised” bank accounts to “safe” bank accounts, which the scammers owned. Through these scams, the fraudsters made approximately $8.7 million (€8 million) from victims in Czechia alone.
The Czech Republic police uncovered this scam. In November 2021, they contacted Eurojust to launch an investigation. Europol then formed a joint investigation team in June 2022, comprising Europol’s European Cybercrime Centre (EC3) officials and the Czech and Ukrainian investigators. The agency organized five meetings to facilitate judicial cooperation between the authorities.
The police called the gang’s activities one of the “most extensive series of frauds committed through fake bankers.” Currently, Europol is conducting analytical work and providing digital forensic support for the confiscated equipment.
Vishing fraud has become more widespread and popular lately. It usually involves someone pretending to be from a reputable organization, institution, or government agency and deceiving people into disclosing confidential, personal data.
The severity of vishing scams is highlighted by the September 2023 incident when the notorious ALPHV (BlackCat) ransomware gang exploited vishing to deceive an MGM Resorts employee, enabling them to breach the company’s security and compromise its network.
To protect yourself from such scams, always be cautious of unsolicited phone calls, note the caller’s phone number, and tell them you will call back and quickly verify their identity by calling the organization.
Don’t believe any caller if they have basic information about you because it could be taken from social media. Lastly, keep your credit/ debit card PIN or online banking password private because bank representatives would never ask for this information.