The network defrauded at least 51 victims and monitored more than 60 bank accounts. This loosely organized group launched assaults against financial institutions to breach their security measures. After appearing in court in Elche, six detainees, including the ringleader of the scheme, were released on probation, defended by attorney Aitor Esteban Gallastegui.
The investigation began after two complaints filed by a bank branch manager in Istanbul. The Elche National Police Station took up the case, noting that the bank’s computer security systems had been compromised by third parties who benefited from the breach. Personal loans totaling 950,000 euros came under scrutiny as part of the incident.
Complaint
The bank triggered its alarms and notified the police after confirming that such a large loan had been granted and that no legitimate payments had been recorded. Irregularities in the transaction drew attention to the crime.
The Local Judicial Police Brigade of the Elche Police Station launched an inquiry through external security servers of banking partners. Once access was gained to the victim business’s system, the impostors ensured that the requested loan was issued for the amount they sought.
Authorities identified a criminal organization that is highly structured and specialized in online fraud, operating across the country.
The modus operandi of this group has evolved. Initially, they deceived people using acquaintances and peer-to-peer marketplaces, employing social engineering to obtain victims’ bank codes and drain accounts. They also used malicious calls or messages designed to appear as legitimate banking services. By adopting the identities of members at the lowest level of the operation, the group built a network consisting of domestic and foreign bank accounts, crypto investments, and virtual wallets to launder the stolen funds.
The ringleader emerged as the intellectual force of the fraud. A second key link, referred to in police slang as the “mules,” supplied the infrastructure, coordinated the operations, and kept the subordinates under control while remaining anonymous and issuing electronic instructions. Those who received the defrauded sums provided their identities, all in exchange for about 40% of the stolen amount.
Withdraw money
After loans were issued and the money appeared in the accounts of the so-called “mules,” a portion was quietly handed back to the principal conspirator so as not to raise suspicion.
During the investigation, investigators found that at least 52 other victims had fallen prey to additional scams. The group operated on a national scale, making it extremely challenging to locate all involved due to the online nature of their crimes.
After extensive efforts, investigators were able to identify the members of the organization using multiple police tools at once. Detainees were located in Aspe and Benidorm, and searches at several addresses yielded large quantities of computer equipment, credit cards, and cryptocurrencies, along with documents confirming authorship of the frauds. The suspects faced charges related to this criminal activity.
The total fraud value uncovered in the case reached 1,100,000 euros, and authorities learned that the organization managed more than 60 bank accounts in connection with the scheme. This case underscores how cybercriminal groups can orchestrate large-scale financial fraud by exploiting digital payment systems and weak security protocols.