Security News > 2021 > July > Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring
Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation.
Believed to be active since at least 2020, the cybercriminal syndicate has been codenamed "Fraud Family" by cybersecurity firm Group-IB. The frameworks come with phishing kits, tools designed to steal information, and web panels, which allow the fraudsters to interact with the actual phishing site in real time and retrieve the stolen user data.
"The phishing frameworks allow attackers with minimal skills to optimize the creation and design of phishing campaigns to carry out massive fraudulent operations all the while bypassing 2FA," Group-IB Europe's Roberto Martinez, senior threat intelligence analyst, and Anton Ushakov, deputy head of the high-tech crime investigation department, in a report, adding the gang "Advertises their services and interacts with fellow cybercriminals on Telegram messenger."
Infections involving Fraud Family commences with an email, SMS, or WhatsApp message impersonating well-known local brands containing malicious links that, when clicked, redirect the unsuspecting recipient to adversary-controlled payment info-stealing phishing websites.
In an alternative attack scenario, the fraudsters were observed posing as a buyer on a Dutch classified advertising platform to contact a seller and subsequently move the conversation to WhatsApp to trick the latter into visiting a phishing site.
Group-IB researchers noted the "High level of personalization" offered by the phishing websites, which not only impersonate a legitimate Dutch marketplace, but also claim to use a well-known e-commerce payment system in the country, only to lead the victim to a fake bank webpage from where the credentials are siphoned based on the bank selected.