More than 100 people that were victims’ of the “Man in the Middle” Scam have been identified in Spain, Germany, Andorra, Belgium, Bulgaria, Ecuador, Slovenia, Finland, the Netherlands, Hungary, Ireland, Italy, Lithuania, Poland, Portugal, the United Kingdom, the Czech Republic, and Romania
Scammers impersonated conversations between company suppliers and their clients, altering bank details to swindle money from pending payments.
The Guardia Civil, within the framework of Operation “Osgiliath,” has arrested 30 individuals in various towns in Andalusia, Catalonia, Madrid, Murcia, and Toledo, accused of defrauding victims from different countries of over one million euros. Two of the group’s ringleaders have been apprehended in Getafe and Barcelona.
Additionally, another 40 suspected perpetrators have been identified, the majority residing in Spain, as well as Croatia, Hungary, England, Morocco, Nigeria, Pakistan, and Romania, whose identities have been reported to the court handling the case and the authorities of those countries.
More than 100 victims have been located in Spain, Germany, Andorra, Belgium, Bulgaria, Ecuador, Slovenia, Finland, the Netherlands, Hungary, Ireland, Italy, Lithuania, Poland, Portugal, the United Kingdom, the Czech Republic, and Romania, all of whom fell victim to the criminal organization’s scams in just one year.
The investigation began in May of last year following a report from a construction company that had been defrauded of over 10,000 euros using the method known as “Man in the Middle.”
In this type of cyber-attack, also known as CEO Fraud or BEC (Business Email Compromise), the perpetrators infiltrate conversations between two or more devices, typically a supplier and their clients. The scammer gains access to these conversations and intercepts those related to payments, where they impersonate identities. By posing as the supplier, they modify the information, leading the victim to transfer funds to the criminal’s account. Conversely, posing as the client, they negotiate payment extensions with the supplier, gaining time. Once the victim transfers the money, the scam is revealed.
Creation of Fake Websites
Investigators found that the same perpetrators used other methods of cyber fraud. Posing as legitimate companies, they advertised motor vehicles, agricultural machinery, and vacation rental properties. They created fake websites offering these products at competitive prices under the name of reputable brands, even using the real tax ID of the impersonated company but providing contact details through emails created by the scammers.
Once they garnered the interest of potential buyers, they initiated email conversations, requesting documents and personal information under the guise of contract registration, which they then used for criminal activities.
To transfer the money from the scams, the organization relied on a network of mules to whom they paid commissions ranging from 50 to 1,500 euros. Once the money was in the criminals’ accounts, they withdrew it from ATMs, invested it in virtual currencies, or transferred it to accounts in the Republic of Malta and the Republic of Lithuania. The Guardia Civil continues to track these transfers.
The operation was conducted in two phases, the first in December 2023, resulting in the arrest of five individuals in Getafe (Madrid), Talavera de la Reina (Toledo), Moratalla (Murcia), and Pegalajar (Jaén).
During the second phase, concluded on March 12, another 25 people were arrested in Lloret de Mar (Girona) and Barcelona.
In total, 30 individuals have been arrested, 19 men and 11 women, aged between 19 and 56, charged with technological fraud, identity theft, document forgery, unauthorized disclosure of secrets, money laundering, and participation in a criminal organization.
Forty individuals, 29 men and 11 women, aged between 20 and 45, have been identified as suspected perpetrators, whose identities have been provided to the judicial authority. The proceedings have been submitted to the Investigating Court number 4 of Alicante.
153 bank accounts have been seized, recovering 114,366 euros from the group’s scams.
The operation was carried out by the Main Post of the Guardia Civil in San Juan de Alicante, with the collaboration of the Alicante Cybercrime Prosecutor’s Office, EUROPOL, and the Police forces of 22 countries.
