Ransomware infrastructure taken down by Police

Europol supported the German, Dutch and US authorities to take down the HIVE ransomware infrastructure.  Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals.  Around €120 million was saved due to mitigation efforts.  This international operation involved authorities from 13* countries.

HIVE ransomware has been identified as a major threat as it has been used to compromise and encrypt the data and computer systems of large IT and oil multinationals in the EU and the USA.  Since June 2021, over 1,500 companies from over 80 countries worldwide have fallen victim to HIVE associates and lost almost €100 million in ransom payments.

Affiliates executed the cyberattacks, but the HIVE ransomware was created, maintained and updated by developers.  Affiliates used the double extortion model of ‘ransomware-as-a-service’:

  • first, they copied data and then encrypted the files.
  • Then, they asked for a ransom to both decrypt the files and to not publish the stolen data on the Hive Leak Site.
  • When the victims paid, the ransom was then split between affiliates (who received 80 %) and developers (who received 20 %).

Europol streamlined victim mitigation efforts with other EU countries, which prevented private companies from falling victim to HIVE ransomware.  Law enforcement provided the decryption key to companies which had been compromised in order to help them decrypt their data without paying the ransom.  This prevented the payment of more than US$130 million or the equivalent of about €120 million of ransom payments.

Europol facilitated the information exchange, supported the coordination of the operation and funded operational meetings in Portugal and the Netherlands.  Europol also provided analytical support linking available data to various criminal cases within and outside the EU, and supported the investigation through cryptocurrency, malware, decryption and forensic analysis.

The EAST Expert Group on Payment and Transaction Fraud (EPTF) focuses on the security of payments and transactions and covers the prevention of ransomware within its brief. The 14th EAST EPTF meeting took place on 9 November 2022.

EAST EGAF holds 28th Meeting in Amsterdam

28th EGAF Meeting

The 28th Meeting of the EAST Expert Group on All Terminal Fraud (EGAF) took place on Wednesday 18th January 2023 hosted by Group-IB in Amsterdam.  The hybrid meeting was chaired by Otto de Jong from ING Bank.

It was attended by 26 key representatives from Terminal Deployers, Terminal Vendors, Networks, Card Schemes, Security Equipment and Software Vendors, Law Enforcement and Forensic Analysts. 13 people were in the room and there were 13 virtual participants.

Experts from the following organisations contributed to the meeting: Atruvia AG, Bits A/S, BKA, BNP Paribas, Cennox, Damage Control, Diebold Nixdorf, Dutch Banking Association, Europol, Gendarmerie Nationale (IRCGN), GMV, Group-IB, ING Bank, KAL, LINK Scheme, Mastercard, NatWest Group, NCR, Payment Services Austria (PSA), Polish Banking Association (ZBP), TietoEVRY, and Visa.

EAST EGAF, which meets three times a year in advance of each of the meetings of EAST National and Global Members, enables in-depth and technical discussion to take place on Logical and Malware attacks, Card Data Compromise and other issues relating to terminal fraud.

Discussion at the meeting focussed on the follow up to three EAST Fraud Alerts relating to Active Shimmer (Wedge) / Relay attacks, to contactless fraud, and to prevention measures relating to black box attacks.

EAST EGAF generates EAST Fraud Alerts for all EAST Members (National, Global and Associate). In total 276 Fraud Alerts have been issued as can be seen in the table below.

 

Cash is still used for most consumer payments in the Eurozone, but its share is declining

According to the latest study by the European Central Bank (ECB), cash is still the most frequently used means of consumer payment at the point of sale (POS), but its share is declining matched by a rise in electronic payments.  Consumers prefer electronic payment methods, but value having cash as an option.  The trend towards electronic means of payments has accelerated with the pandemic and a majority of consumers now prefer to use electronic payment methods.

Some key results from the study are:

Cash Payments

  • Cash was used for 59% of point-of-sale transactions in 2022, down from 72% in 2019.
  • It is the means of payment most often used for small-value payments in stores and for person-to-person transactions.
  • A majority (60%) also consider it important to have cash as a payment option.
  • Consumers perceive cash as helpful to remain aware of their expenditures, to protect their privacy and to allow transactions to be settled immediately.
  • Overall, consumers are satisfied with their access to cash, with a large majority of consumers finding it easy to get to an ATM or a bank to withdraw cash in most countries.
  • The perceived key advantages of cash were its anonymity and protection of privacy and the perception that it makes one more aware of one’s own expenses.
  • 37% of consumers kept cash reserves at home, outside the wallet or a bank account, up from 34% in 2019.
  • Cash was accepted in 95% of physical payment locations throughout the euro area, down from 98% in 2019.

Electronic Payments

  • The share of online purchases as a percentage of all euro area day-to-day transactions has increased significantly to stand at 17% in 2022, up from 6% in 2019.
  • For purchases at a point of sale, the share of card payments has grown by 9 percentage points to 34% in 2022, with contactless payments now making up the majority of card payments.
  • Contactless card payments at the POS increased considerably in three years, from 41% of all card payments in 2019 to 62% in 2022.
  • Cards are considered faster and easier to use and are seen as reducing the need to carry large amounts of cash.
  • Cards are the most frequently used payment method for larger payments and account now for a higher share of payments than cash in value terms.
  • The perceived key advantages of cards were that consumers don’t have to carry cash with them, coupled with the convenience of contactless payments.
  • The share of payments using mobile apps increased from less than 1% in 2019 to 3% in 2022.
  • Cashless means of payments, particularly mobile phone apps, increased in P2P payments. Between 2019 and 2022, the share of mobile payments more than tripled in terms of number from 3% to 10%, and rose from 4% to 11% in terms of value.
  • In the euro area it was possible to pay with non-cash instruments in 81% of transactions in 2022.

For full details of the Study on the Payment Attitudes of Consumers in the Euro area (SPACE) visit the ECB website.  The report presents the key findings from SPACE 2022 and compares them with the results of the 2019 study and, where relevant, with an earlier ECB study conducted in 2016, the Study on the Use of Cash by Households in the euro area (SUCH).

The next study will be published by the ECB in 2024.

Payment Security

The EAST Expert Group on Payment and Transaction Fraud (EPTF) focuses on the security of payment and transactions. The 14th EAST EPTF meeting took place on 9 November 2022.

The EAST Expert Group on All Terminal Fraud (EGAF) focused on the security of cards and payment terminals. The 27th EAST EGAF meeting took place on 14 September 2022.

The EAST Expert Group on ATM and ATS Physical Attacks (EGAP) focuses on the security of cash, cash handling terminals, and cash-in-transit.  The 18th EAST EGAP meeting took place on 31 August 2022.

Message from the Executive Director

The end of another busy year is almost upon us.  On behalf of the EAST Board I would like to thank everyone who has contributed to the continued success of EAST this year.  Being able to meet again in-person has been fantastic and, while all our meetings are still not yet back to normal, the hybrid meetings that we held all went well, as did the virtual meetings.

EAST supported Europol by attending two Joint Advisory Group Meetings on 25 May and 18 October, and by presenting at an EMPACT action dedicated to Terminal and Host Frauds on 14 December.  Rui Carvalho represented EAST.  Supported by EAST EGAF, Europol published updated guidelines to help industry and law enforcement counter the ATM Logical Attack threat.

EAST supported CEPOL by presenting at a course focussed on combating Card Fraud on 12 November.  I represented EAST.

During the year we said goodbye to two long-standing friends and colleagues, Phoebus Christodoulides and Delia Vaquerizo.

Ukraine is represented at EAST by the Ukrainian Interbank Payment Systems Member Association (EMA) and it was a real pleasure to see their representative Olesya Danylchenko in-person at our 1st Global Congress in June.  Despite the pressures of the war, she has done a fantastic job in sharing information during these very difficult times.  I know I speak for all of us in wishing her, her colleagues, and all their families, a safe, warm, connected, and very happy Christmas.

And lastly every best wish to all readers for a wonderful festive break and a very happy New Year!

Kind regards

Lachlan

Thousands of Money Mules arrested in international Police Operation

In a recent operation that ran from mid-September to the end of November 2022 Law enforcement from 25 countries, supported by Europol, Eurojust, INTERPOL and the European Banking Federation (EBF)  joined forces to crack down on one of the most important enablers of money laundering: money mules and their recruiters.

A ‘money mule’ is a person who transfers stolen money on behalf of others, usually through their bank account. Criminals contact people and offer them cash to receive money into their bank account and transfer it to another account.

During the operation 8,755 money mules were identified alongside 222 money mule recruiters, and 2,469 people were arrested worldwide.

This was the eighth European Money Mule Action (EMMA8).  EMMA is the largest international operation of its kind, built around the idea that public-private information sharing is key to fighting complex modern crimes. This year, and with the continuing coordination of the EBF, around 1,800 banks and financial institutions supported law enforcement in this action, alongside online money transfer services, cryptocurrency exchanges, Fintech and Know Your Customer (KYC) companies, and multinational computer technology corporations.  Related actions were carried out in countries as far apart as Colombia, Singapore and Australia.

Results Overview

  • 2,469 money mules arrested;
  • 1,648 criminal investigations initiated;
  • 4,089 fraudulent transactions identified;
  • €17.5 million intercepted.

Participating countries 

Australia, Austria, Bulgaria, Colombia, Cyprus, Czech Republic, Estonia, Greece, Hungary, Singapore, Hong Kong (China), Ireland, Italy, Moldova, Netherlands, Poland, Portugal, Romania, Slovak Republic, Slovenia, Sweden, Switzerland, Spain, United Kingdom, United States.

Don’t Be a Mule!

This week Europol, together with the EBF and financial institutions, is raising awareness about this crime and its criminal implications through the #DontBeaMule campaign.

The campaign is available for download in 26 languages and informs the public about how these criminals operate, how to recognise the signs and what to do if they become a target.  For more information visit Europol’s website.

If you think that you might be being used as a mule, act now before it is too late!  Stop transferring money and notify your bank and your national police immediately.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of money laundering. The 14th EAST EPTF meeting took place on 9 November 2022.

‘Spoofing’ website taken down by police

A ‘spoofing’ website believed to have caused an estimated worldwide loss in excess of £100 million (€115 million) has been taken down in a coordinated police action led by the United Kingdom and supported by Europol and Eurojust.  142 suspects have been arrested, including the main administrator of the website.

The website allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims, a type of cybercrime known as ‘spoofing’.  Spoofing relating to cybersecurity, is when someone or something pretends to be something else in an attempt to gain our confidence, get access to our systems, steal data, steal money, or spread malware.

Judicial and law enforcement authorities in Europe, Australia, the United States, Ukraine, and Canada helped to take down the website.

The services of this website allowed those who signed up and paid for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords. The users were able to impersonate an infinite number of entities (such as banks, retail companies and government institutions) for financial gain and substantial losses to victims.

The investigations showed that the website earned over €3.7 million in 16 months.  According to UK authorities, losses to victims at present are £43 million (€49 million), with estimated worldwide losses in excess of £100 million (€115 million).

In an international coordinated action carried out in November 2022, 142 users and administrators of the website were arrested across the world. The main administrator of the website was arrested in the UK on 6 November.  On 8 November 2022, the website and server was seized and taken offline by US and Ukrainian authorities.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of spoofing relating to cybersecurity. The 14th EAST EPTF meeting took place on 9 November 2022.

Online shopping fraud – Police arrest 59 people in cross-border operation

Online shopping fraud (also known as e-commerce fraud) is a rising threat. To counter this a coordinated crackdown has seen 59 scammers arrested and new investigative leads triggered all across Europe as part of Europol’s 2022 e-Commerce Action (eComm 2022). 19 countries took part in the successful action, which was coordinated by Europol’s European Cybercrime Centre (EC3) and the Merchant Risk Council (MRC). Direct assistance was received from merchants, logistic companies, banks, and payment card schemes.  Investigations are still ongoing in various countries, with more arrests expected in the coming weeks.

Online Payment Security

Online payments in Europe are generally very secure, mainly due to the wide implementation of Secure Customer Authentication (SCA).  SCA is a European regulatory requirement aimed at reducing fraud and making online and contactless offline payments more secure.  Broadly speaking customers shopping online may be asked to verify their identity with two factors during the checkout process.

To counter this criminals are continuously altering their techniques to unlock new ways of stealing money. eComm22 has identified the following threats to the e-commerce sector:

  • Phishing, vishing (Voice phishing) and smishing (SMS phishing) fraud:  These are techniques for fraudulently obtaining private information.  The criminals contact people by phone, text messages, messaging apps or email and attempt to convince them to hand over their credit card information. Sometimes these attacks promise a reward, other times they impersonate a trusted business or a government agency.
  • Account Takeover (ATO) Fraud: This is a form of identity theft in which the fraudster gets access to a victim’s bank or credit card accounts and uses them to make unauthorised transactions.
  • Fake websites (also referred to as Triangulation Fraud): These are websites that are not  legitimate venues designed to entice the visitor into revealing sensitive information, to download some form of malware, or to purchase products that never arrive.  eComm22 highlighted their use to entice buyers with cheap goods. Sometimes these fake websites appeared in ads, or links were sent to a user’s email directing them to the website through a phishing attempt. The catch is that these goods don’t actually exist, or are never shipped.

How to Protect Against Online Shopping Fraud

Online Shopping FraudEuropol, in conjunction with European Law Enforcement and the MRC, has today launched an awareness campaign that will be promoted through the hashtag #SellSafe.  This shares practical advice on how to outwit criminals trying to abuse the online shopping experience.  The aim  is to make e-commerce more secure by promoting safe online purchasing methods and by helping new merchants to open online shops without the risk of cyberattacks.

Some key tips for online shoppers are:

  • Never send your card number, PIN or any other card information to anyone by e-mail.
  • Never send money to anyone you don’t know.
  • Always save all documents related to your online purchases.
  • If you are not buying anything, don’t submit your card details.
  • Check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.
  • For more information read Europol’s Tips And Advice To Avoid Becoming A Fraud Victim

Some key tips for e-business owners are:

  • Ensure all your employees are aware of the fraud issues affecting online stores.
  • Stay up to date on the types of payment fraud affecting businesses and have the tools in place to prevent them. Your national payments organisation will have details on payment fraud types.
  • Get to know your customers in order to be able to verify their payments.
  • For more information read Europol’s advice on Safe Sales, Safe Revenue

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, online shopping fraud. The 14th EAST EPTF meeting took place on 9 November 2022.

EAST EPTF holds 14th Meeting

The 14th Meeting of the EAST Expert Group on Payment and Transaction Fraud (EPTF) took place on Wednesday 9th November 2022.  It was conducted as a virtual meeting and was chaired by Rui Carvalho, EAST Development Director.

The meeting was attended by 14 key representatives from Card Issuers, International Banks, Law Enforcement, Payment Processors, Payment Services Providers, and Solution Providers.

Europol and provided the law enforcement perspective, and presentations were also made by Cartes Bancaires, Diebold NixdorfDutch Banking Association, Group-IB, PAN-Nordic Card AssociationPayment Services Austra (PSA), PLUSCARD, SIBs, TietoEVRY and Worldline.  Social engineering remains a key concern, as does Card Not Present (CNP) fraud outside Europe.  Contactless fraud is a rising issue, as is mobile wallet fraud.

EAST EPTF, which meets three times a year, adds value to the payments industry by using the unique and extensive EAST National Member and EAST Global Member platforms, and the Associate Member network, to provide information and outputs that are not currently available elsewhere.  It is a is a specialist group that discusses security issues affecting the payments industry and that gathers, collates, and disseminates related information, trends and general statistics.

EAST National & Global Members represent 34 countries and outputs from the group are presented to EAST Global Congress Meetings.  There are 216 EAST Associate Member Organisations from 52 countries and territories.

EAST Publishes Fraud Update 3-2022

EAST has published its third Fraud Update for 2022.  This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 7 non-SEPA countries, at the 2nd EAST Global Congress held on 5th October 2022.

The following countries supplied full or partial information for this Update:

Algeria; Armenia; Canada; Finland; France; Germany; Greece; Ireland; Italy; Liechtenstein; Luxembourg; Malta; Mexico; Morocco; Netherlands; Norway; Poland; Portugal; Romania; South Africa; Spain; Sweden; Switzerland; Ukraine; United Kingdom.

FRAUD TYPE

Fraud Update

To date in 2022 the EAST Expert Group on All Terminal Fraud (EGAF) has published five related Fraud Alerts.

Fraud Update

To date in 2022 the EAST EGAF has published three related Fraud Alerts.

FRAUD ORIGIN

Fraud Update

To date in 2022 the EAST EGAF has published one related Fraud Alert.

Fraud Update

To date in 2022 the EAST EGAF has published one related Fraud Alert.

DUE DILIGENCE

Fraud Update

PHYSICAL ATTACKS

To date in 2022 the EAST Expert Group on ATM and ATS Physical Attacks (EGAP) has published five related Physical Attack Alerts.

The full EAST European Fraud Update is available to EAST Members (National, Global and Associate).

Information on the Fraud Definitions and Terminology used by EAST can be found as follows:

FRAUD  DEFINITIONS

FRAUD TERMINOLOGY

TERMINAL FRAUD DEFINITIONS

TERMINOLOGY FOR LOCATIONS OF CDC DEVICES AT ATMS AND OTHER TERMINALS

TERMINAL PHYSICAL ATTACK DEFINITIONS AND TERMINOLOGY

Investment fraud scammer arrested

A cross border Police operation, supported by Europol, led to the arrest of a Croatian national believed to have been running a large-scale, multi-layered investment fraud scheme which cost unsuspecting victims a total of at least €5 million. Over 70 German victims have been identified so far.

On 6 October, the 50-year old man was arrested in Tenerife, Spain, by the National Police, as a result of a complex investigation involving four countries (Germany, the Netherlands, Spain and Hungary).  This arrest follows a complex investigation initiated in December 2019 by the German Police Headquarters Ludwigsburg, with the support of Europol’s European Financial and Economic Crime Centre (EFECC).

On the action day 37 property searches were carried out: Germany (18), the Netherlands (12), Spain (4) and Hungary (3).

How The Investment Fraud Scam worked

  • The criminal pretended to be an employee of a real, Geneva-based investment company, reaching out to unsuspecting victims to persuade them to part with their savings, and promising lucrative investment companies.
  • To appear legitimate, he set up a fake (spoof) website which looked almost identical to the real company’s website.
  • To trick his victims he provided fake investment documents that appeared to come from legitimate banks and insurance companies.
  • The victims were instructed to send funds, via wire transfer, to bank accounts he controlled.
  • Once the payments had been made, he disappeared with the money, moving the stolen funds from one jurisdiction to the other to conceal their illegal origin. (The investigators were able to track the stolen funds to Türkiye).

European Coordination

International police cooperation was central in bringing the perpetrator to justice as the criminal had set up a sophisticated infrastructure spread across multiple countries to hamper law enforcement’s abilities to track him down.

Europol’s EFECC supported the investigation by bringing together the national investigators to establish a joint strategy and to organising the intensive exchange of evidence needed to prepare for final phase of the investigation.  Europol experts from its European Financial and Economic Crime Centre were also deployed to Spain to assist the Spanish national authorities with the action day.

Stay Safe!

Europol’s advice to prospective investors to avoid investment fraud:

  • Don’t rely on unsolicited marketing material/calls/emails or social media direct contact: Do an internet search for the company name and verify the contact information with the financial institution or firm directly.
  • Compare and confirm websites: Check for misspellings in the website, the complete website name (URL) and email address. Also, many consumer protection and financial market supervisory authorities publish lists of abused websites and warnings on current frauds.
  • Avoid unusual payment methods: Be cautious if you are instructed to send funds via wire transfer to an off-shore location, or if you are instructed to pay using cryptocurrency or other unusual payment method.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including investment fraud. The 13th EAST EPTF meeting took place on 29 June 2022.