Ukrainian police takes down phishing gang behind payments scam

Gang may have defrauded 5,000 people with promises of EU support.
Written by Charlie Osborne, Contributing Writer
Close-up of a person wearing glasses leaning toward a computer screen. Lines of code reflect on the glasses.
Image: Getty Images

Ukrainian police said they have arrested suspected members of a cyber-criminal gang conducting an EU payments phishing scheme.

In a statement, Ukraine's Cyber Police Department and the Kyiv-based Pechersk Police Department said the criminal group created and promoted roughly 400 phishing links to send to the county's citizens.

The links sent victims to malicious, fraudulent websites packaged up as European Union resource pages.

SEE: Google: Half of zero-day exploits linked to poor software fixes

The phishing group decided their scam would be disguised as an EU social security payments scheme that could be claimed by beleaguered Ukrainian residents who need financial help -- but, of course, they had to first provide their bank card details.

Residents were also required to complete surveys, likely to make the websites appear more legitimate. The information in the surveys could also potentially be used by the cyber criminals to gather more information on their victims.

Image: Cyber Police Department

"Through the websites, Ukrainians were offered to form an application for the payment of financial assistance from the countries of the European Union," law enforcement says.

Once the cyber criminals had obtained a victim's bank details, the information was used to compromise online-banking accounts and withdraw funds without permission.

Specialists from the National Bank of Ukraine, who assisted in the investigation, say that over 5,000 citizens were defrauded, leading to losses of roughly 100 million hryvnias ($3.38m).

In total, nine people have been arrested. Law enforcement also conducted searches of the suspects' homes and seized computer equipment, mobile phones, bank cards, and cash.

If the suspects are found guilty of fraud charges under the Criminal Code of Ukraine, they face up to 15 years in prison.

Earlier this year, Ukrainian police arrested five members of a ransomware affiliate suspected of being responsible for cyberattacks on at least 50 companies in Europe and the United States. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards