28th July 2021, Kathmandu
Two people have been detained in the Netherlands for their alleged involvement in a phishing fraud-as-a-service operation, one of who is 15 years old and the other is 24 years old, both of whom are scheduled to appear in court on Friday.
According to the company, authorities received assistance from security vendor Group-IB in the arrests of a “Dutch-speaking syndicate that develops, sells, and rents sophisticated phishing frameworks.”
The 24-year-old, who has not been identified, is accused of building the phishing service kits, while the 15-year-old is suspected of selling them. The younger suspect was released while the case was being investigated further. A third 18-year-old suspect was also searched, according to Dutch police.
The Fraud Family operation, which has mostly targeted victims in the Netherlands and Belgium since at least 2020 but possibly as early as 2018, is aimed at collecting banking credentials, according to Group-IB. On the encrypted messaging platform Telegram, where Fraud Family’s eight channels have over 2,000 users, the thieves promoted their service to less-skilled cybercriminals.
It’s a common ransomware business model in which developers loan their malware to other criminals in exchange for a cut of the revenues.
The phishing toolkits were frequently found in two types of operations: the first used email and SMS spam to entice users to phishing sites, while the second used advertising put on Dutch classified ads sites to lead consumers to the phishing site after a brief WhatsApp conversation.
The group’s phishing toolkits were frequently used to attack banks and their customers in the Netherlands and Belgium, according to both Dutch police and Group-IB.
The victim receives an email, SMS, or WhatsApp message posing as a well-known real company, such as a local business that caters to home buyers, in one type of attack leveraging Fraud Family’s phishing infrastructure.
Another example, according to Group-IB, is contacting a vendor listed in classified advertising and requesting them to make a small e-commerce purchase to “prove the seller is not a fraudster,” only to discover the e-commerce payment link is a phishing site. When the victim chooses their bank from the list on the webpage, it is asked for their login details.
Fraud Family provides criminals with access to a web panel that interacts with the phishing website, allowing them to request credentials such as multi-factor authentication tokens.
Fraud Family-related activity increased near the end of 2020 and into 2021, according to Group-IB, but similar-looking infrastructure has been advertised since 2018.
According to authorities, the 15-year-old suspect was freed “pending further investigation.” The willingness of Dutch officials to let teenage criminals off with a warning has set them apart. The Online Offender Prevention Squad, which was formed in the Netherlands with help from the United Kingdom, tries to steer juvenile hackers toward a legal cyber profession.
