IOCTA 2021 Published by Europol

Europol has published its Internet Organised Crime Threat Assessment for 2021 (IOCTA 2021).  This highlights 5 Key Threats:

  • Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks.
  • Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication (2FA).
  • Online shopping has led to a steep increase in online fraud.
  • Explicit self-generated material is an increasing concern and is also distributed for profit.
  • Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and cryptocurrencies.

IOCTA 2021 looks into the (r)evolutionary development of these trends, catalysed by the expanded digitalisation of recent years.

  • Criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems, hospitals or individuals.
  • While ransomware groups have taken advantage of widespread teleworking, scammers have abused COVID-19 fears and the fruitless search for cures online to defraud victims or gain access to their bank accounts.
  • The increase of online shopping in general has attracted more fraudsters.
  • With children spending a lot more time online, especially during lockdowns, grooming and dissemination of self-produced explicit material have increased significantly.
  • Grey infrastructure, including services offering end-to-end encryption, VPNs and cryptocurrencies continue to be abused for the facilitation and proliferation of a large range of criminal activities.

This has resulted in significant challenges for the investigation of criminal activities and the protection of victims of crime.

“Cybercrime is a reality and law enforcement worldwide needs to catch up,” said Edvardas Šileris, Head of Europol’s European Cybercrime Centre (EC3), ”…….Only by working together can we create innovative ideas and practical approaches that can put a halt to cybercrime acceleration. It is essential to establish the environment and resources required to do so,” he added.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including social engineering and online transactions.  The 11th EAST EPTF meeting took place on 10 November 2021.

Online Fraud Group taken down in coordinated Police Action

An organised crime group (OCG) specialising in online fraud has been taken down by the Spanish National Police (Policía Nacional), supported by the Italian National Police (Polizia di Stato), Europol and Eurojust.

The OCG, linked to the Italian Mafia, was engaged in a wide range of online fraud activities such as phishing, SIM swapping and business email compromise (also known as CEO Fraud).  Hundreds of victims were defrauded and the illegal gains were laundered through a wide network of money mules and shell companies.  In just one year of operation the illegal profit is estimated at around €10 million.  The OCG was also involved in drug trafficking and property crime.

The successful combined police operation lasted over a year.

Overall results:

  • 106 arrests, mostly in Spain and some in Italy
  • 16 house searches
  • 118 bank accounts frozen
  • Seizures include many electronic devices, 224 credit cards, SIM cards and point-of-sale terminals, a marihuana plantation and equipment for its cultivation and distribution.

Criminal Network

The OCG was very well organised in a pyramid structure, which included different specialised areas and roles. Among the members of the criminal group were:

  • computer experts, who created the phishing domains and carried out the cyber fraud;
  • recruiters and organisers of the money muling;
  • and money laundering experts, including experts in cryptocurrencies.

Most of the suspected OCG members are Italian nationals, some of whom have links to Mafia organisations. The suspects, located in Tenerife in the Spanish Canary Islands, tricked their victims, mainly Italian nationals, into sending large sums to bank accounts controlled by the criminal network.

EFECCCross Border Cooperation

Europol facilitated the information exchange, the operational coordination and provided analytical support for the investigation. Two analysts and one forensic expert were deployed to Tenerife, and one analyst to Italy.  Europol also funded the deployment of three Italian investigators to Tenerife to support the Spanish authorities during the action day.

Europol’s Joint Cybercrime Action Taskforce (J-CAT) supported the operation. J-CAT is made up of cyber liaison officers from different countries who work from the same office on high profile cybercrime investigations.


The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including SIM swapping and business email compromise, as well as related social engineering such as phishing.

To date the EAST EPTF has produced 20 Payment Alerts for EAST members, and has also published Fraud Terminology and Fraud Definitions to help standardise how fraud is categorised and reported.  The aim is for the terminology and definitions to be adopted globally when describing or reporting payment and terminal fraud.