Spanish Civil Guard, in an operation called Operation Lupin, caught a young man whose initials are J.A.F., age 23, and is considered to be the greatest cyber scammer in Spain’s history. With more than 25 charges, he was target number one for the police all over the country.

So far, there is an estimate of more than 1.5 million Euros stolen from 5.000 people with the use of fake web pages. Code name Lupin is in honor of the stealthy thief, Arsene.

The operation began after the Department of Cyber Crimes from the Central Operative Unity (COU) of the Civil Guard detected possible scams that affected thousands of people in different places in Spain, and they all had a common pattern.

These cyber scams happened with fake online shops selling electronic devices though copies of completely legal and known web sites in the market; even using their logos and brand names to lure users into the scam.

A common characteristic of these fake web pages was their limited time online. They could last for a weekend and disappear without leaving traces. During this small window of time, the web page had an intense publicity and positioning campaign on the main search engines and social networks with attractive offers, it was all with the intention of luring as many potential buyers as possible in such a short time.

A particularity of this organization was that it took advantage of what the new technologies offered: a continuous pursue of anonymity on the Internet to avoid detection, and being linked to the commission of crimes investigated.

€300.000 a Month

During the time the investigation lasted, the agents of Department of Cyber Crimes of the COU detected and traced around 30 different only stores; they were all managed by the felon and his accomplices.

In many occasions, they attracted victims from shop-sell online sites to their own fake web pages. It is important to remember that shop-sell external contents can be dangerous.

The products offered by these web sites were mainly electronic devices, especially video game consoles, and cell phones. Any attractive product was perfect to scam. They also took advantage of the seasons by offering A/C during summer, and heating during winter.

The name of the online shops traced so far are:

• com
• es
• es
• es
• es
• es
• es
• es
• es
• es
• es
• eu
• com
• es
• com
• com
• com
• co
• es
• es
• com
• com
• co
• press-starts.com
• co.

The volume of sales this person achieved was such that investigators checked that the monthly incomes from the scam, in some cases, were over €300.00. He used to show off this amount of money with his closest friends.

Types of Scams

Although the Civil Guard began this operation almost a year ago, is likely that J.A.F. had done these scams for three years. The most common way was that the web page forced the user to choose bank transfer as the only payment method.

The bank accounts used for this required the scammer to use hundreds of them, as well as using different SIM card numbers to avoid leaving traces. The accounts and phone numbers belonged to young people that got pay significant amounts of money to lend their personal information for this.

With time, these scams were perfected. Using the payment process as an excuse, the scammer called the victims and told them to download an app that would help them track their order. In actuality, the app would redirect the phone’s texts messages to access the codes sent by banks. This allowed them to confirm transferences, and charge credit card with high purchases, leaving the victim’s account in zero.

Once that step was over, they used the contactless technology to link the mules’ credit card to mobile terminals. By doing so they could withdraw the cash on ATMs all over Madrid, they had strong security measures. They would later repeat this process several times during day until they got thousands of Euros in a day.

Organized Criminal Group

J.A.F. had a group perfectly organized by him; they received a salary like any other regular job. For example, a computer specialist was in charge of creating the fake web pages, which why he was arrested this week in the province of Albacete.

.

The exaggerated security measures J.A.F took on his daily basis to avoid any kind of police action against him must be commanded: he used different identities and did not live for more than one week in the same places; hotels and apartment-hotels in Las Rozas and Majadona were usually the chosen locations. At the same time, another pay member of organization was in charge of providing these safe houses using other people’s names, also to provide security, and counter vigilance to his actions.

A Bank Account Mule Network

Another one of the arrested people was in charge of structure of getting mules, that is, the people offering themselves to open bank accounts with their name so J.A.F. could use them for his scams. They were the lowest level of the organization.

All these mules have been arrested by the regional Units throughout the course of this investigation. They were on the account holders from where the transfers of the scam were done.

J.A.F. had a strict control over these people and, if any of them tried to trick him and take more money than they should, he would take some measures such as posting the phone number on victims forums as if the mule was the scammer. He would also send emails to the victims posing as the CUO from the Civil Guard and the National Court claiming there was an ongoing investigation. He even paid people to beat the mules.

After a long and complex operation, they managed to identify the mind behind the scam, this took several weeks. J.A.F. arrest took place in a hotel in Madrid where he had recently established. Alongside his equipment, police confiscated more than 50 smartphones, and more than 100 prepaid SIM cards under other people’s name.