European Money Mule Action leads to 1803 arrests

Money Mule ActionThe anti-money mule operation EMMA 7 concluded today.  This is an international action coordinated by Europol in cooperation with 27 countries, Eurojust, INTERPOL, the European Banking Federation (EBF) and the FinTech FinCrime Exchange.

The operation resulted in 1,803 arrests and the identification of over 18,000 money mules.  It also revealed that money mules were being used to launder money for a wide array of online scams such as SIM-swapping, man in the middle attacks, e-commerce fraud, and phishing.

During  EMMA 7 law enforcement, financial institutions and the private sector, including Western Union, Microsoft, and Fourthline, cooperated in a concerted effort against money laundering in Europe, Asia, North America, Colombia, and Australia.

As well as targeting the laundering of profits through money muling networks, investigators also sought intelligence on the sources of these illicit profits, shedding more light on the size and nature of the criminal economies that money mules serve.

The European Money Mule Action ‘EMMA’, was established in 2016 on the initiative of Europol, Eurojust and the European Banking Federation.  It is the largest international operation of its kind, built around the idea that public-private information sharing is key to fighting complex modern crimes.  Around 400 banks and financial institutions supported the action, reporting 7,000 fraudulent transactions and preventing a total loss estimated at nearly €70 million.

Participating countries in EMMA 7 were: Australia, Austria, Belgium, Bulgaria, Colombia, Czech Republic, Estonia, Finland, Greece, Germany, Hong Kong-China, Hungary, Ireland, Italy, Moldova, Netherlands, Poland, Portugal, Romania, Singapore, Slovak Republic, Slovenia, Sweden, Switzerland, Spain, United Kingdom, United States.

Public Awareness is key for the Prevention of Money Muling

Unlike many financial crimes, money mules can be recruited unknowingly into criminal operations.  The organised crime groups do this by preying on groups such as students, immigrants, and those in economic distress, offering easy money through legitimate-looking job adverts and social media posts.  Ignorance is not an excuse and money mules break the law by laundering the illicit proceeds of crime.

To counter this Europol coordinated the ‘#DontBeAMule’ awareness campaign with all participant countries, law enforcement and the EBF (on behalf of the European banks), as a means to prevent more innocent bystanders being exploited by criminals and putting themselves at risk.

Online Fraud Group taken down in coordinated Police Action

An organised crime group (OCG) specialising in online fraud has been taken down by the Spanish National Police (Policía Nacional), supported by the Italian National Police (Polizia di Stato), Europol and Eurojust.

The OCG, linked to the Italian Mafia, was engaged in a wide range of online fraud activities such as phishing, SIM swapping and business email compromise (also known as CEO Fraud).  Hundreds of victims were defrauded and the illegal gains were laundered through a wide network of money mules and shell companies.  In just one year of operation the illegal profit is estimated at around €10 million.  The OCG was also involved in drug trafficking and property crime.

The successful combined police operation lasted over a year.

Overall results:

  • 106 arrests, mostly in Spain and some in Italy
  • 16 house searches
  • 118 bank accounts frozen
  • Seizures include many electronic devices, 224 credit cards, SIM cards and point-of-sale terminals, a marihuana plantation and equipment for its cultivation and distribution.

Criminal Network

The OCG was very well organised in a pyramid structure, which included different specialised areas and roles. Among the members of the criminal group were:

  • computer experts, who created the phishing domains and carried out the cyber fraud;
  • recruiters and organisers of the money muling;
  • and money laundering experts, including experts in cryptocurrencies.

Most of the suspected OCG members are Italian nationals, some of whom have links to Mafia organisations. The suspects, located in Tenerife in the Spanish Canary Islands, tricked their victims, mainly Italian nationals, into sending large sums to bank accounts controlled by the criminal network.

EFECCCross Border Cooperation

Europol facilitated the information exchange, the operational coordination and provided analytical support for the investigation. Two analysts and one forensic expert were deployed to Tenerife, and one analyst to Italy.  Europol also funded the deployment of three Italian investigators to Tenerife to support the Spanish authorities during the action day.

Europol’s Joint Cybercrime Action Taskforce (J-CAT) supported the operation. J-CAT is made up of cyber liaison officers from different countries who work from the same office on high profile cybercrime investigations.


The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of payment and transaction fraud, including SIM swapping and business email compromise, as well as related social engineering such as phishing.

To date the EAST EPTF has produced 20 Payment Alerts for EAST members, and has also published Fraud Terminology and Fraud Definitions to help standardise how fraud is categorised and reported.  The aim is for the terminology and definitions to be adopted globally when describing or reporting payment and terminal fraud.

SIM swapping gang taken down by Police

Ten hackers who stole over $100 million in cryptocurrencies from celebrities and influencers in SIM swapping attacks have been apprehended in an international operation co-ordinated by Europol.

Eight criminals were arrested on 9 February as a result of an international investigation into the series of attacks targeting high-profile victims in the United States. These arrests followed earlier ones in Malta and Belgium of other members belonging to the same criminal network.

The attacks orchestrated by the gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families.  The criminals are believed to have perpetrated the thefts after illegally gaining access to their phones.  The criminals worked together to access the victims’ phone numbers and take control of their apps or accounts by changing the passwords.  This enabled them to steal money, cryptocurrencies and personal information, including contacts synced with online accounts. They also hijacked social media accounts to post content and send messages masquerading as the victim.


SIM swapping fraud was identified as a rising trend in the latest Europol Internet Organised Crime Threat Assessment. Cybercriminals take over the use of a victim’s phone number by essentially deactivating their SIM and porting the allocated number over to a SIM belonging to a member of the criminal network.  This is typically achieved by the criminals exploiting phone service providers to do the swap on their behalf, either via a corrupt insider or using social engineering techniques.

SIM swapping


It’s not just celebrities who are under attack.  Anyone with a mobile phone can fall victim to SIM swapping. The above image gives some tips as to how to protect yourself against the threat, and information can also be found on Europol’s dedicated page.

For more advice on how to protect your financial information from such a scam, watch the clip below.

The EAST Payments Task Force (EPTF) focusses on the security of payments and transactions, and SIM swapping falls within its remit.