Digital Guardian's Blog

European Authorities Bust Phishing Ring

by Chris Brook on Monday July 12, 2021

The group, which was based in Romania, reportedly conned online consumers out of $2 million.

Just a few weeks after taking down DoubleVPN, a VPN service used widely by hackers, European enforcement agencies have another win: disrupting a network of cybercriminals that bilked consumers out of over $2 million through phishing.

Eurojust, an agency that's part of the European Union and in charge of criminal justice proceedings, announced the action last week. Romanian, Greek, Spanish and Dutch authorities collaborated on the takedown, resulting in the arrest of eight cybercriminals and the seizure of 220,000 euros ($261,000) in cash, phones, and travel documents.

According to Eurojust, the group appears to have relied on phishing scams to trick victims into downloading malware onto their devices, after which the cybercriminals perpetuated the fraud by posting fake advertisements of cars on eBay, fake properties on Airbnb, and so on, that victims believed were real. The group even made up fake but familiar-sounding transport and payment companies to keep up the charade.

After victims paid for the illegitimate items, the scammers rerouted money from the victims’ credit cards and bank accounts to their own, then rerouted some of that money across borders, to different bank accounts and to companies they set up in different EU states, to conceal it further.

In total, the phishing ring, which comprised at least 300 bank accounts across Hungary, Spain, Poland, Germany, and the Netherlands, defrauded online users out of at least $2 million in euros.

While Eurojust was vague in its press release about how exactly it tracked down and apprehended the cybercriminals, the action followed a joint investigation between Romania – where the ring was based – and the Netherlands. Officials in Greece also carried out three searches in Athens to complement the takedown.

The crackdown comes about two weeks after another international investigation, also led by officials in the Netherlands, specifically the Dutch National Police, knocked DoubleVPN, a cheap VPN service frequented by cybercriminals, offline.

“On the 29th of June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN’s owners failed to provide the services they promised,” reads a seizure notice on, hinting that customers who thought they could use the tool to hide their location and internet traffic from law enforcement were incorrect.

Advertised on cybercrime forums, the Russian service claimed to offer an advanced level of anonymity through single, double, triple, and even quadruple VPN services.

In theory, seizure of the service by officials in Europe, the US, and Canada should make it more difficult for hackers who used it to hide their tracks. While cybercriminals will likely find another outlet or means to mask their location and identity, like most takedowns, it’s being viewed as a victory in the short term.

Eurojust and Europol, the EU’s law enforcement agency whose European Cybercrime Centre usually oversees such efforts, also supported the coordinated effort. Like many takedowns coordinated through Europol, it was a collaborative effort; in addition to the Netherlands, the US and Canada, authorities in Sweden, the UK, Italy, Germany, Bulgaria, and Switzerland also had a hand in the investigation.

In its announcement on the takedown, the UK’s National Crime Agency claimed that it was able to identify several UK businesses whose networks were accessed by DoubleVPN and that its services were used by “some of the world’s most prominent ransomware strains” to steal data and extort victims.

Tags: Cybercrime

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.