Authorities Uncover Massive Vishing Ring With Over 10,000 Victims

 A joint operation involving Spanish and Peruvian authorities has uncovered and dismantled a sophisticated voice phishing (vishing) ring responsible for defrauding over 10,000 victims.

A well-coordinated takedown of a sophisticated operation

The criminal operation amassed gains of more than €3 million ($3.15 million). The law enforcement effort culminated with the arrest of 83 individuals allegedly linked to the vishing ring and the seizure of critical evidence.

Authorities carried out a sweep involving 29 simultaneous raids across Spain and Peru, targeting members of a criminal syndicate operating from three call centers.

Arrests and seizures

The arrests spanned multiple cities, including Barcelona, Mallorca, Madrid, Vigo and Salamanca in Spain. Thirty-five members, including the alleged leader of the criminal network, were apprehended in Spain, while the remainder were arrested in Peru.

During the operation, law enforcement agencies also seized cash, computers, mobile phones, and documents that will be investigated and potentially used as evidence against the suspects.

Scammers’ modus operandi

Threat actors executed their vishing scheme through advanced tactics, leveraging stolen databases and pre-written social engineering scripts to dupe victims into revealing sensitive banking information.

Criminal paraphernalia included:

• Caller ID spoofing: Scammers manipulated caller ID data to make it appear that their calls originated from legitimate banks and entities, feigning legitimacy.
• Social engineering scripts: Threat actors used pre-written dialogues to guide their call agents in defrauding victims. These scripts often included claims of unauthorized ATM withdrawals or restricted accounts.
• OTP exploitation: Perpetrators tricked victims into sharing their one-time passwords (OTPs) under the guise of account verification.

The scammers were highly organized. According to a Policia Nacional statement, perpetrators used color coding to identify targeted banking institutions.

“The employees in Spain were spread across different cities to make any subsequent police investigation more difficult,” reads a Policia Nacional press release. “They used secret codes with their colleagues at the call centres to inform them of the entities they had in sight, using colour codes based on the branches in question.”

Tips for staying protected

To avoid falling prey to vishing scams and other schemes, you should always:

• Verify caller identity: Always confirm you are speaking with a legitimate bank representative before sharing personal or financial information.
• Recognize red flags: Banks never ask you to share sensitive details such as card numbers, passwords or OTPs.
• Avoid immediate action: Scammers often instill a sense of urgency to impede their targets’ critical thinking. Take your time and always verify the authenticity of any claims.
• Use dedicated software: Specialized services like Bitdefender’s Scamio can help you identify scam attempts by submitting suspicious texts, emails, links, images or QR codes for instant analysis. Scamio is free and available on Facebook Messenger, WhatsApp, Discord and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia and the UK.