Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Police dismantled a gang that used phishing sites to steal credit cards

The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks. The cybercrime unit of the Ukrainian police has arrested a group of cybercriminals who managed to steal payment card data from at least 70,000 people by setting up mobile fake top-up services. The police arrested five that created and […]

cyberpolice phishing sites

The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks.

The cybercrime unit of the Ukrainian police has arrested a group of cybercriminals who managed to steal payment card data from at least 70,000 people by setting up mobile fake top-up services.

The police arrested five that created and administered more than 40 phishing sites used to harvest bank card data of unaware citizens. Once obtained the data, crooks used it to empty their victims’ bank accounts.

One of the members of the group set up his own servers to operate the fraudulent scheme, he also hired three citizens who acted as so-called money mules (individuals that removed the funds from the accounts and transferred them to other accounts under the control of the gang or supported cash out). The money mules maintained a percentage of profit for each operation they carried out.

“Users entered bank card details on phishing sites in order to top up their mobile account or make a transfer. Thus, the attacker received payment information from more than 70 thousand people. Later, using this data, the group members embezzled citizens’ money.” reads the announcement published by the Ukrainian Cyberpolice. “The organizer also used paid marketing and analytical resources to bring these sites to the forefront of search services, as well as advertise services on social networks.”

The police raided the houses of the five suspects and seized 2 million hryvnias ($70,000) in cash, mobile phones, flash drives, bank cards, and computers. According to a preliminary investigation, the group stole more than 5 million hryvnias ($175,000) from the victims.

cyberpolice phishing sites

The arrested people now face criminal charges under Part 2 of Art. 361 (Unauthorized interference in the work of computers, automated systems, computer networks or telecommunications networks) and Part 3 of Art. 190 (Fraud) of the Criminal Code of Ukraine. The members of the gang face up to eight years in prison.

“Cyberpolice reminds you to check the URL carefully, as any inaccuracies can mean that the user has been caught on a phishing site. Do not enter third-party resources or disclose bank card details, especially CVV, PIN and card expiration date.” concludes the announcement.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, phishing)

[adrotate banner=”5″]

[adrotate banner=”13″]