49 Arrested in ‘Operation Triangle’ Phishing Campaign

Authorities from six different nations worked on Tuesday to apprehend 49 suspects connected with carrying out a complex phishing scheme dubbed Operation Triangle.

Authorities from six nations worked in tandem on Tuesday to apprehend 49 suspects connected with allegedly carrying out a complex phishing scheme dubbed Operation Triangle that saw cybercriminals make off with more than $6 million.

Police in Italy, Spain, and Poland coordinated the arrests, while officials in Belgium, the U.K., and Georgia assisted in the joint action, according to a press release from Eurojust and Europol on Wednesday.

The technical details around the scheme are still a bit hazy but Europol claims the suspects in question – men from Nigeria, Cameroon, and Spain – phished money from their victims via man-in-the-middle attacks.

The suspects allegedly hacked into the email accounts of victims from businesses across Europe by using malware and social engineering techniques. Once in, the attackers detected, then tweaked, requests for payment and funneled money to themselves instead of the individuals. The attackers cashed out the funds, €6 million, roughly $6.7 million, via a “sophisticated network of money laundering transactions,” outside the EU, according to Europol.

Twenty of the suspects were arrested in Italy, 18 in Poland, and 10 in Spain, while one suspect was arrested in Belgium.

As part of the campaign, 58 search warrants were executed and the suspects’ laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank account documents were all seized.

By disrupting the campaign officials resolved three cases that were open with the European Union’s Judicial Cooperation Unit (Eurojust) and tangentially linked between the three countries.

Details from the campaign sound similar to a ring dismantled in April by both Europol, FBI, and police in Italy. In that operation suspects also from Nigeria are alleged to have laundered nearly $3 million they purloined via online fraud.

Like in Operation Triangle, victims in that campaign were tricked by payment diversion scams, but also by romance scams, where they were duped into sending money to criminals who set up fake Internet dating profiles.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.