The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians.
The threat actors used forms on the site to steal visitors’ payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control.
According to the police’s estimates, the total damage caused by this cybercrime operation is 100 million hryvnias, or approximately $3,360,000, stolen from roughly 5,000 victimized citizens.
Citizens who have entered personal details on any of the following domains should consider themselves compromised and report it to the cyberpolice and their bank to receive further instructions.
The announcement does not mention how users ended up on the phishing sites, but it could be via spam email, SEO poisoning, direct messages, or scam posts on social media platforms.
Law enforcement was able to track the phishing actors with the help of investigators from the Pechersk Police Department and the assistance of specialists from the National Bank of Ukraine.
The cyberpolice also published a video from one of the raids on a suspect’s residence. Computer equipment, mobile phones, bank cards, and money found during the raids were confiscated.
The arrested individuals face up to 15 years in prison for multiple violations of Ukraine’s Criminal Code, including Part 3 of Article 190 (fraud) and Part 5 of Article 361 (unauthorized interference in the work of computers and networks).
The case is particularly severe due to the fact that the phishing campaign targeted fellow Ukrainians in dire need of social payments to support them during a period of hardship caused by the Russian invasion and the loss of jobs and socio-economic stability.