Online shopping fraud – Police arrest 59 people in cross-border operation

Online shopping fraud (also known as e-commerce fraud) is a rising threat. To counter this a coordinated crackdown has seen 59 scammers arrested and new investigative leads triggered all across Europe as part of Europol’s 2022 e-Commerce Action (eComm 2022). 19 countries took part in the successful action, which was coordinated by Europol’s European Cybercrime Centre (EC3) and the Merchant Risk Council (MRC). Direct assistance was received from merchants, logistic companies, banks, and payment card schemes.  Investigations are still ongoing in various countries, with more arrests expected in the coming weeks.

Online Payment Security

Online payments in Europe are generally very secure, mainly due to the wide implementation of Secure Customer Authentication (SCA).  SCA is a European regulatory requirement aimed at reducing fraud and making online and contactless offline payments more secure.  Broadly speaking customers shopping online may be asked to verify their identity with two factors during the checkout process.

To counter this criminals are continuously altering their techniques to unlock new ways of stealing money. eComm22 has identified the following threats to the e-commerce sector:

  • Phishing, vishing (Voice phishing) and smishing (SMS phishing) fraud:  These are techniques for fraudulently obtaining private information.  The criminals contact people by phone, text messages, messaging apps or email and attempt to convince them to hand over their credit card information. Sometimes these attacks promise a reward, other times they impersonate a trusted business or a government agency.
  • Account Takeover (ATO) Fraud: This is a form of identity theft in which the fraudster gets access to a victim’s bank or credit card accounts and uses them to make unauthorised transactions.
  • Fake websites (also referred to as Triangulation Fraud): These are websites that are not  legitimate venues designed to entice the visitor into revealing sensitive information, to download some form of malware, or to purchase products that never arrive.  eComm22 highlighted their use to entice buyers with cheap goods. Sometimes these fake websites appeared in ads, or links were sent to a user’s email directing them to the website through a phishing attempt. The catch is that these goods don’t actually exist, or are never shipped.

How to Protect Against Online Shopping Fraud

Online Shopping FraudEuropol, in conjunction with European Law Enforcement and the MRC, has today launched an awareness campaign that will be promoted through the hashtag #SellSafe.  This shares practical advice on how to outwit criminals trying to abuse the online shopping experience.  The aim  is to make e-commerce more secure by promoting safe online purchasing methods and by helping new merchants to open online shops without the risk of cyberattacks.

Some key tips for online shoppers are:

  • Never send your card number, PIN or any other card information to anyone by e-mail.
  • Never send money to anyone you don’t know.
  • Always save all documents related to your online purchases.
  • If you are not buying anything, don’t submit your card details.
  • Check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.
  • For more information read Europol’s Tips And Advice To Avoid Becoming A Fraud Victim

Some key tips for e-business owners are:

  • Ensure all your employees are aware of the fraud issues affecting online stores.
  • Stay up to date on the types of payment fraud affecting businesses and have the tools in place to prevent them. Your national payments organisation will have details on payment fraud types.
  • Get to know your customers in order to be able to verify their payments.
  • For more information read Europol’s advice on Safe Sales, Safe Revenue

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, online shopping fraud. The 14th EAST EPTF meeting took place on 9 November 2022.

European Money Mule Action leads to 1803 arrests

Money Mule ActionThe anti-money mule operation EMMA 7 concluded today.  This is an international action coordinated by Europol in cooperation with 27 countries, Eurojust, INTERPOL, the European Banking Federation (EBF) and the FinTech FinCrime Exchange.

The operation resulted in 1,803 arrests and the identification of over 18,000 money mules.  It also revealed that money mules were being used to launder money for a wide array of online scams such as SIM-swapping, man in the middle attacks, e-commerce fraud, and phishing.

During  EMMA 7 law enforcement, financial institutions and the private sector, including Western Union, Microsoft, and Fourthline, cooperated in a concerted effort against money laundering in Europe, Asia, North America, Colombia, and Australia.

As well as targeting the laundering of profits through money muling networks, investigators also sought intelligence on the sources of these illicit profits, shedding more light on the size and nature of the criminal economies that money mules serve.

The European Money Mule Action ‘EMMA’, was established in 2016 on the initiative of Europol, Eurojust and the European Banking Federation.  It is the largest international operation of its kind, built around the idea that public-private information sharing is key to fighting complex modern crimes.  Around 400 banks and financial institutions supported the action, reporting 7,000 fraudulent transactions and preventing a total loss estimated at nearly €70 million.

Participating countries in EMMA 7 were: Australia, Austria, Belgium, Bulgaria, Colombia, Czech Republic, Estonia, Finland, Greece, Germany, Hong Kong-China, Hungary, Ireland, Italy, Moldova, Netherlands, Poland, Portugal, Romania, Singapore, Slovak Republic, Slovenia, Sweden, Switzerland, Spain, United Kingdom, United States.

Public Awareness is key for the Prevention of Money Muling

Unlike many financial crimes, money mules can be recruited unknowingly into criminal operations.  The organised crime groups do this by preying on groups such as students, immigrants, and those in economic distress, offering easy money through legitimate-looking job adverts and social media posts.  Ignorance is not an excuse and money mules break the law by laundering the illicit proceeds of crime.

To counter this Europol coordinated the ‘#DontBeAMule’ awareness campaign with all participant countries, law enforcement and the EBF (on behalf of the European banks), as a means to prevent more innocent bystanders being exploited by criminals and putting themselves at risk.

60 arrested in connection with e-commerce fraud

e-commerce fraud

Advisory Group on Financial ServicesA joint law enforcement operation, coordinated by Europol’s European Cybercrime Centre (EC3) and  supported by 19 countries, led to the arrest of 60 people suspected of e-commerce fraud. The main aim of the 2019 e-Commerce Action (eComm 2019) is to target criminal networks suspected of online fraud through coordinated law enforcement action within the European Union, followed by an awareness-raising campaign.  The operation ran from 23 September to 4 October 2019.

E-commerce fraud includes illegal or false transactions made on online platforms, apps and services or over the internet: fraudsters simply use stolen card information to purchase goods on webshops.  The suspects arrested during the operation were responsible for almost 6,500 fraudulent transactions with compromised credit cards, with an estimated value exceeding €5 million.

Europol supported national competent authorities during the operations in their respective countries with analytical support and information exchange. In order to protect customers from fraudulent payments and assure a safe online environment, Europol also collaborated with banks, payment card schemes European retailers and logistics companies. The private sector supported the action cooperating with national law enforcement authorities, by reporting fraudulent activity. This collaboration between law enforcement and the private sector has proven beneficial and led to the development of best practices.

To protect consumers and provide them with more information, the Payment Service Directive 2 (PSD 2) came into effect in September 2019. One important aspect of the PSD 2 is described as Secure Customer Authentication (SCA), a secure process for customers when paying online.


It is always better to prevent a crime, rather than solve a crime. This operational action was followed by a prevention and awareness-raising campaign, #BuySafePaySafe. There are a number of guidance measures you can follow to avoid becoming a victim of fraud:

  • make sure the device you are using to make online purchases is properly configured and the internet connection is safe;
  • using a card is a safe method of payment online as long as you exercise the same care as in other shopping;
  • there are simple warning signs that can help you identify scams. If you are a victim of online fraud, report it to the police. If you bought the product with a credit or debit card, report it to your bank as well;
  • check your online banking service regularly. Notify your bank immediately if you see payments or withdrawals that you have not made yourself.​

Read more about safe online shopping on e-Commerce: tips and advice to avoid becoming a fraud victim. and watch the below video to see how making the wrong choice can be very costly.

The EAST Payments Task Force (EPTF) is focussed on security issues affecting the payments industry, such as e-commerce fraud.


45th EAST Meeting hosted by EC3 at Europol

EC3The 45th Meeting of EAST National Members was hosted by the European Cybercrime Centre (EC3) at Europol on 6th June 2018. National country crime updates were provided by 21 countries, and a global update by HSBC.  Topics covered included payment fraud and the evolution of payment technology, ATM malware and logical attacks, terminal related fraud attacks and ATM related physical attacks.

EC3 presented on the latest initiatives and events relating to e-commerce fraud prevention, global airport actions (GAAD) to combat online fraud involving stolen or fake credit card data to purchase plane tickets, actions relating to virtual currencies, the Europol-ASEAN Strategic Payment Card Fraud Meeting, and provided updates on Advisory Group activities relating to Internet Security, Communication Providers and Financial Services.

Presentations were also given by the EAST Payments Task Force (EPTF) and the EAST Expert Group on ATM and ATS Physical Attacks (EGAP).  An update was given by the EAST Expert Group on All Terminal Fraud (EGAF).

EAST Fraud Update 2-2018 will be produced later this month, based on the national country crime updates provided at the meeting.  EAST Fraud Updates are available on the EAST Website to EAST Members.

The 46th EAST Meeting will be held in London on 9th October 2018 and will be followed by EAST FCS Seminars on 10th October 2018 at the same venue.