A website offering phishing services to fraudsters has resulted in the worldwide loss of more than 115 million euros to individuals and companies that were defrauded.
These cyber attackers impersonated companies or trusted contacts of their victims, such as retailers and government institutions.
By simply registering on the platform and paying for their services, the fraudsters obtained the necessary tools to impersonate users. They could make calls anonymously or send recorded messages, thus obtaining one-time passwords (OTP) and accessing confidential information of their victims.
This is how they managed to earn more than 3.7 million euros in 16 months with this website. At least 142 people have been arrested during an operation in France, Germany, Australia, Ukraine, USA and Canada. The website has been inactive since November 8.
"The exploitation of technology by criminals is one of the biggest challenges for law enforcement in the 21st century (...) By eliminating tools and systems that allow fraudsters to deceive innocent people on a large scale, this operation shows how we are determined to target corrupt individuals who seek to exploit the most vulnerable," notes Sir Mark Rowley, commissioner of London's Metropolitan Police.
Examples like this remind us that password-based MFAs are no longer enough. For all these reasons, we want to stress the importance of removing passwords from our network. If we do not use passwords, there is no chance that they will be stolen.
Nowadays, thanks to the technological development we are going through, we can say goodbye to the old-fashioned passwords by replacing them with an identity based on the user's behavior, ensuring that only the user can access the information. From Ironchip, we propose a passwordless digital identity based on the location guaranteeing a secure access.