The Civil Guard and the Mossos d’Esquadra have carried out two arrests in Albania, within a broad device carried out on November 8 and 9 for the dismantling of a transnational criminal organization, which defrauded its victims through alleged investments in cryptocurrencies .
The number of victims could reach hundreds of thousands and in Spain it is estimated that more than 17,000 people have been victims of this criminal organization. It is estimated that the investigated network obtained about 400 euros per minute and since the beginning of the investigation, they would have achieved profits close to 2,400 million euros.
Start of operation
The start of the investigation dates back to 2018, when the first complaints were received by the Mossos d’Esquadra and the Civil Guard. In the first one, an elderly woman reported that more than 800,000 euros had been stolen from her, explaining in her complaint that the deception had occurred from a phone call in which a supposed “financial expert” proposed to make investments. millionaires in cryptocurrencies
In principle, the woman only had to transfer 250 euros, but the large profits that the scammers pretended to obtain meant that the woman ended up investing significant amounts of money. At that time, the criminal organization installed a program on the victim’s computer to control all of her financial movements, causing her to lose the savings she had in her bank accounts.
Fake brokers contacted potential victims from call centers located in Albania, simulating extensive knowledge of the world of finance, manipulating potential investors with persuasive techniques and offering large benefits from small investments. In reality, they were real scammers who tricked them through social engineering techniques into making investments in web platforms controlled by the criminal organization.
The initial investments were 250 euros and they soon informed the victim of supposedly great benefits, so trust towards their broker evolved favorably and caused them to continue depositing more money on the platform, being able to transfer hundreds of thousands of euros to throughout your relationship with your handler. With these false data, the supposed brokers made the investor believe that his earnings multiplied exponentially, helping to maintain his interest in the investment.
On the other hand, during the deception process, the fraudster managed to get his victim to authorize the installation of remote access software on his personal computer and in this way ensured that he could access bank information and account passwords.
When the investor wanted to withdraw all or part of the profits obtained, the scammer asked for more money to be able to withdraw the funds with different excuses, such as paying taxes or alleged system failures. In case of not getting more investment from the victim, the organization accessed the personal banking information and emptied the accounts.
Coordination and promotion of the operation
At the beginning of the investigation, the Mossos d’Esquadra detected more than a hundred web pages controlled by the criminal organization and it was verified that there was a company that was being investigated by Civil Guard Units (Organic Unit of the Judicial Police of the Guardia Civil de Huesca and the Judicial Police Unit of the Catalonia Zone), for which reason in mid-2019 a Joint Investigation Team (ECI) was established between both bodies.
The fact that there were other European countries that were investigating this type of fraud with the same modus operandi, gave rise to a transnational investigation that has been coordinated by Eurojust in which units from different police forces throughout Europe have participated jointly. among which stand out, Investigation Units of the Civil Guard, Mossos d’Esquadra of the Criminal Investigation Division (DIC) and the police of Germany, Sweden, Finland, Latvia, Albania, Ukraine and Georgia.
The important effort made by the Ukrainian Police during the development of the investigation and in the exploitation phase must be highlighted, with the dismantling of a call center in kyiv with more than 800 workers.
Eurojust created a Joint Investigation Team (JIT) in 2020 between all participating countries and, for two years, has coordinated investigations and execution of international arrest warrants, European investigation warrants and letters rogatory in third countries.
Investigators specialized in the world of cybercrime were able to determine the links between the different web platforms investigated, as well as the software development companies and the “call centers” that they used to communicate with the victims and with other merchants. .
All this was part of a large international network dedicated to the fraud of a multitude of European citizens, although victims from other continents could also be identified.
Given the specialization of the criminal organization, one of its most important ramifications lay in the call centers that were located in countries bordering the European Union, such as Albania, Georgia, North Macedonia, Andorra or Ukraine. From these the scams were committed and the investigators suspected from the beginning that it was the first link in the chain, in relation to the flow of money to the organization.
Cybercrime specialists created technological programs to get to the core of the plot
The investigation has been very complex given the sophisticated level of the criminal network. They had a computer engineering team in charge of developing the visible part that operates on the Internet, call centers with operators who spoke several languages, companies spread throughout the world to move the assets and a financial group capable of transferring the defrauded money to tax havens and laundering the proceeds.
To counteract this structure and ensure the success of the investigation, an exclusive team of police officers was created with knowledge in programming and computer science who have developed and generated new tools to detect the movements of the organization and carry out an investigation that would allow them to reach the core of the crime plot.
Operations in Albania on November 8 and 9
On November 8 and 9, a Coordination Center (CECOR) was activated at the Eurojust headquarters in The Hague, from where the development of a device was simultaneously led by the different police forces for their action in Albania, Bulgaria, Georgia, North Macedonia and Ukraine.
The total number of police actions that were carried out in the countries reviewed has led to the dismantling of 15 call centers, the arrest of the two top managers of the organization in Albania, the identification of 16 people and the intervention of more than 355 computers, mobiles, tablets and other electronic objects with relevant information for researchers. During the searches, cryptocurrency assets have been located in various cryptowallets for a value of €16,000, in addition to €25,000 in cash.
In the action carried out in Albania, some thirty police officers from the Civil Guard and Mossos d’Esquadra, in coordination with the Albanian police, proceeded to dismantle six call centers controlled by the investigated criminal organization, from which the fraudsters contacted their victims, arresting two people and intercepting 155 computers through which the fraudulent operations were carried out.
Check that websites are legal
Faced with this massive fraud of online financial scams, prevention becomes an essential measure to avoid these criminal mafias. To avoid this type of fraud, which can have devastating consequences, investors are recommended to take all security measures when making online investments and check if the websites belong to companies that operate legitimately in our country.
In case of receiving unplanned calls from unknown people who offer astronomical profits from investments with little money, you should always make sure of the type of company behind it, so as not to fall into the traps of criminal organizations that, when they have captured their victims, they deceive with manipulative techniques by simulating profits and benefits that are not existing.