Police forces across Europe took action on Wednesday against organized cyber fraud. In Vienna, one of the two main suspects was arrested. More than 50 servers were seized, and 200 terabytes of digital evidence were secured, Europol reported on Thursday. Europol referred to the operation as the “dismantling of a sophisticated criminal network” that enabled large-scale online fraud.
Raids took place in Germany and Vienna, and the infrastructure linked to a marketplace and fake shops was dismantled in Germany, Finland, the Netherlands, and Norway. The main suspects are a 27-year-old and a 37-year-old. They were arrested in Germany and Austria based on European arrest warrants and are currently in custody.
The arrest in Vienna was carried out in cooperation with the investigating German police. “A decision will be made regarding their handover to the German authorities,” said Judith Ziska from the Vienna Public Prosecutor’s Office. The operation in the Austrian capital involved the Federal Criminal Police (BK), the State Criminal Police, the Street Crime Unit (EGS), as well as an Europol officer and two colleagues from the Hannover Police, said BK spokesperson Heinz Holub-Friedreich.
The investigation was initiated in autumn 2022 after reports of fraudulent phone calls. The fraudsters posed as bank employees to steal sensitive information such as addresses and security answers from victims. These stolen data were traced back to a specialized online marketplace that acted as a hub for trading illegally obtained information.
Central Hub for Cyber Fraud
The marketplace allowed its thousands of users to purchase stolen data, sorted by region and account balance. “This customization enabled criminals to carry out targeted frauds more efficiently,” Europol experts explained.
“With this insidious strategy, the operators maximized their revenue and created a system that facilitated access to tailored data packages for other criminals,” said the Hannover Police Directorate. The sale and reuse of online banking and credit card data resulted in a total loss of over 250,000 euros for about 57 victims.
Investigators also uncovered a network of fake online shops designed to lure customers into entering payment information (“phishing”). The stolen login credentials were also sold on the marketplace. According to investigators in Hannover, around 63,000 data sets were obtained through these deceptively realistic online platforms.
The operation was led by the Hannover Police Directorate and the Public Prosecutor’s Office in Verden, Germany, supported by law enforcement agencies across Europe. Europol and the European Cybercrime Centre (EC3) provided extensive resources and digital forensics to analyze and secure the complex evidence. Europol also deployed a task force of data scientists who worked on processing and interpreting vast amounts of data, uncovering important connections.