Sixty people are under arrest suspected of online fraud after a joint law enforcement operation covering 19 countries in Europe.
The suspects arrested during the operation – which ran from September 23 to October 4 – were responsible for almost 6,500 fraudulent transactions with compromised credit cards, with an estimated value exceeding $5.6 million (€5 million).
The operation, carried out nationally, was coordinated by Europol’s European Cybercrime Centre (EC3) and received direct assistance from national law enforcement authorities and the private sector. E-commerce fraud (electronic commerce fraud) includes illegal or false transactions made on online platforms, apps and services or over the Internet: Fraudsters simply use stolen card information to purchase goods on webshops.
Europol supported national competent authorities during the operations in their respective countries with analytical support and information exchange. In order to protect customers from fraudulent payments and assure a safe online environment, Europol also collaborated with banks, payment card schemes European retailers and logistics companies. The private sector supported the action cooperating with national law enforcement authorities, by reporting fraudulent activity.
2019 e-Commerce Action (eComm 2019) led to:
• Over 40 house searched
• 6,500 fraudulent transactions discovered
• $5.6 million (€5 million) in losses reported
• $103,500 (€93 000) in losses prevented
• Surveillance teams deployed
• Electronic devices, card data and cash confiscated
The investigative measures revealed individual fraudsters are connected to organized crime groups and have been involved in other forms of crime, such as phishing, malware attacks, using stolen passports, money laundering, creating fake websites and using social media platforms to carry out fraud.
This year, an increase was reported in the number of fraudulent purchases of services online instead of physical goods: this makes it very complex to investigate due to the virtual dimension of this crime. Fraudulent purchases of entrance or concert tickets, subscriptions and rentals are all done online, including through apps (i.e. non-card purchase, non-physical).
Some investigations showed fraudulently booked railway tickets (with compromised credit card data) are sold onwards to third parties who might then use them to commit other crimes and offences. In this case, more than 1,000 fraudulent bookings were noted, with a financial loss of around $77,913 (€70,000). Another modus operandi is to buy vouchers with compromised credit cards and get them reimbursed with a different payment method afterward.
Many cross-border cases followed the ‘advance fee fraud’ modus operandi: Often when a fraudulent purchase is made, bank accounts receiving the funds are located in different EU countries or overseas. Where banks were located outside the EU, international card schemes supported the investigations.
Websites and social media accounts were used to create online shops fraudulently or purchase electronic goods. The turnover for the suspects can be up to billions of euros worldwide every year. The attackers use stolen credit card data, obtained on the darknet or through malware or phishing attacks, to buy products. Consumers sometimes do not realize their card data is also being stolen or compromised when they make purchases. Industries, banks and the merchants are the ones to be penalized and the ones that registered the higher losses.
There are guidance measures to follow to avoid becoming a victim of fraud:
• Make sure the device you are using to make online purchases is properly configured and the Internet connection is safe.
• Using a card is a safe method of payment online as long as you exercise the same care as in other shopping.
• There are simple warning signs that can help you identify scams. If you are a victim of online fraud, report it to the police. If you bought the product with a credit or debit card, report it to your bank as well.
• Check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.