Europol said on Wednesday that police has arrested 49 suspected members of a cyber criminal group across Spain, Poland, Italy, the United Kingdom, Belgium and Georgia, suspected of stealing million of euros from European bank accounts. As part of the operation, 58 properties were searched, and authorities seized laptops, hard disks, telephones, tablets, credit cards and cash, SIM cards, memory sticks, forged documents and bank account documents. Parallel investigations revealed international fraud totaling EUR 6 million, accumulated within a very short time.

The modus operandi used by this criminal group is the so-called man-in-the-middle and involved repeated computer intrusions against medium and large European companies through hacking (malware) and social engineering techniques. Once access to companies’ corporate email accounts was secured, the offenders monitored communications to detect payment requests. The company’s customers were then requested by the cybercriminals to send their payments to bank accounts controlled by the criminal group. These payments were immediately cashed out through different means. The suspects, mainly from Nigeria, Cameroon and Spain, transferred the illicit profits to outside the European Union through a sophisticated network of money laundering transactions.