A few months ago, we were approached by the Dutch TV show Opgelicht?!, which discusses various types of fraud. One of the subjects discussed was the “We-Cycle” phishing campaign where they asked us to comment on the phishing scheme. Naturally we agreed because we find it important to warn people about the danger of phishing, to educate them on how they can recognize it and what they should do to protect themselves.
The phishing scheme
The scheme is quite simple: a potential victim receives a typical phishing e-mail that states that a new debit card will be issued and the old one has to be returned to the bank. There are two options for this. The first is to go to the bank and give back the card, but this will cost you 22 euro; normally this doesn’t happen, but this was something that tripped up some of the targets.
The second option is to click on the link — which is naturally a phishing link — fill in a lot of information including the PIN code of the debit card, and send the debit card by mail to the address indicated on the phishing website. The good thing is, as the e-mail stated, this option wouldn’t cost any money!
After the victim sent their debit card in an envelope to the address, the fraudsters were literally just waiting for the mail to arrive. Once the post arrived the criminals literally fished the envelopes with the debit cards inside out of the mailboxes that they had indicated on the website. These criminals did not use post boxes registered for their names, but rather some random boxes they could access easily. They now had all the information to go to the ATM and steal the money from the victims.
— Kaspersky Lab (@kaspersky) November 13, 2015
Public private partnership
Luckily for the victims and potential victims, there is Opgelicht?! TV show (the name can be translated as Scammed?!). Show creators see it as their duty to inform people of various fraud techniques and this particular phishing scheme attracted their attention. The producers contacted Kaspersky Lab and asked for commentary. Obviously, we were glad to help them.
After the episode aired and after seeing my comments on the TV, the fraudsters changed their phishing scheme so that part of the tips that I gave on how to recognize a phishing e-mail, did not work anymore.
— Kaspersky Lab (@kaspersky) November 11, 2014
So Opgelicht?! decided to take one step further: They went to the addresses where the debit cards were sent to and started filming. Of course they hid themselves so the fraudsters wouldn’t see them and in one case they even hung a Go-Pro camera in a tree. They were lucky enough to catch the criminals on camera and then they aired this footage on TV.
The next step was to warn potential victims again on the updated phishing scheme, so they asked me again to give comments, considering changes in fraudsters’ scheme.
As you can guess, the fraudsters were not happy with our anti-fraud campaign. In order to get rid of their frustrations they tried to defile me. They registered a domain name containing my name and some nasty words. Of course, I was offended and somewhat worried that some people could draw the wrong conclusions. Some might say that I’m involved in the phishing scheme because the domain is registered on my name, which is clearly nonsense.
— Kaspersky Lab (@kaspersky) February 19, 2015
On the other hand, this was a sign that the tips I gave were useful. Not quite sure how to handle this situation we contacted Opgelicht?! creators who already were in touch with police and proposed to file a report which would be added to the case that the police were investigating.
The police are still busy with their investigation and recently arrested 4 people from Amsterdam, aged between 21 and 25. In total the gang was able to steal 1.8 million euro’s from 650 victims in the Netherlands. We are really happy to see that a public private partnership does work well and together we are able to fight crime.
In this case, it was a cooperation of law enforcement, private IT security company and TV journalists — by working closely and having the same goal in mind we investigated this fraud scheme, helped to keep off potential victims, and finally the police were able to arrest the suspects and prevent further damage.