"Dream earnings" operation

They scammed victims with promises of easy money online: State Police dismantle Albanian organization

The Public Prosecutor of Pordenone, Dr. Raffaele TITO, and the Special Attorney Against Corruption and Organized Crime (SPAK) of Tirana (Albania), Dr. Ened NAKUÇI, have concluded a complex investigation that led to the issuance of three precautionary measures against three Albanian citizens holding top positions in an organization dedicated to fake online trading fraud.

The investigators of the Pordenone Mobile Squad and the Cyber Security Operations Center of the Friuli Venezia Giulia Postal Police, with the collaboration of the Postal and Communications Police Service, the Central Operations Service and the Service for International Police Cooperation, carried out five searches in Tirana, together with the Cybercrime Unit of the Albanian Police, targeting the arrested Albanian citizens and the offices of the call centers. It is estimated that the organization defrauded several hundred Italian citizens residing throughout the national territory of an amount exceeding three million euros, although it is likely that the sums stolen are much more substantial.

The investigations began following a complaint received by the Pordenone Postal Police. The subsequent inquiries brought to light a particularly complex fraud scheme, in which the victims, contacted by telephone, were convinced by the scammers to invest very small sums at first, which nevertheless appeared to generate stratospheric returns. Some victims saw their invested assets apparently triple in a few days, viewing the returns on trading platforms configured ad hoc by the association to make the deal more credible.

In the course of more than 42,000 wiretaps carried out by Italian investigators, it emerged how skilled the scammers were in using genuine persuasion techniques, to the point of convincing unsuspecting citizens to pay, over time, several hundred thousand euros into foreign current accounts.

The scammers were particularly good at empathizing with potential victims: the conversations ranged from the ongoing pandemic emergency to the victims' personal, sentimental and family situations, and the scammers exploited the loneliness resulting from the pandemic measures to present themselves as new friends and confidants.

It is impossible to draw a precise profile of the victim: they are both women and men of all ages. Housewives, professionals and retirees residing throughout the country, eager to earn money quickly.

The first investment proposal involved buying € 250 in Amazon stock and observing its return for a week. Based on what they learned in conversations with the victims, the scammers then proposed extending the investment to the Bitcoin cryptocurrency which, they claimed, would grow significantly due to the knock-on effects of the vaccine trade.

The association had set up a real call center, with different roles within it: there were operators, who managed the first contact with customers and checked their willingness to invest, and actual "consultants" who guided the victims step by step towards the investments they claimed were most profitable.

The "customer" became so loyal that the victim, in most cases, consented to let the scammer operate on his PC, and the scammer arranged foreign bank transfers "in real time" using remote control software called "AnyDesk". The scammers, however, did not stop there: they frequently looked through the victims' emails, photographs and documents, and all of this information was exploited for social engineering, to manipulate the victims if they were reluctant to make further investments. At other times, on perceiving the victims' hesitation, the scammers became aggressive and ruthless, again exploiting the information previously learned, to the point of convincing them to apply for financing to fund new investments.

In other cases, the victims spontaneously handed over the access credentials for their home banking services to their "consultant", in order to speed up investment operations and catch a particular market trend on the fly.

The scammers, for their part, put forward numerous pretexts whenever the victims wanted to collect the false profits, among them a false commission to be paid, for the release of the money, to an alleged agency of the European Union due to Brexit. These sums, once again, were collected by the association which, obviously, did not even return the sum "invested".

The modus operandi of the organization was reconstructed through intensive interception of the data traffic of the server used by the association to manage the call center. Through VPN tunneling, this server obfuscated the Albanian IP addresses actually in use, allowing the scammers to circumvent the alert systems of unsuspecting banking institutions.

The analysis of current accounts, carried out by investigators through inquiries that involved various member countries of the European Union including Cyprus, Lithuania, Estonia, Holland and Germany, brought to light the fact that the victims' money, in most cases, was converted into cryptocurrencies linked to non-traceable foreign accounts.

Complex traditional and cyber investigation techniques, ranging from inspections and document acquisitions to the cross-referencing of telephone and telematic records and to telephone and telematic wiretapping, made it possible to identify the leading members of the organization, and in particular the administrator of the company and two of the most trusted "consultants", highly skilled in defrauding Italian citizens.

A decisive contribution to the investigation was provided by the vacation in Italy made by the two "consultants", a man and a woman of Albanian origin.

The association was recently reorganizing and expanding, having closed the intercepted server and opening two others, promptly seized during the operation.

In fact, yesterday, while the 5 searches and the precautionary measures were being carried out in Tirana, the server in use by the association was simultaneously seized in Italy at the request of the Public Prosecutor of Pordenone, thus shutting down the infrastructure used by the association.

The investigation data:

  • The telematic investigations revealed about 90,000 telephone contacts of Italian citizens, available to the call center operators and ready to be targeted with false investment proposals.
  • About 1 Terabyte of telematic traffic passing through the server was analyzed during the telematic interception operations.
  • About 42,000 phone calls made by the call center were intercepted.
  • It is estimated that the movement of money could amount to some tens of millions of euros.
  • As a result of the activity in Tirana, two call centers with more than 60 workstations equipped with personal computers and 2 servers connected to the workstations were seized.
  • At the same time, the server used by the association to obfuscate its computer traces and hinder investigations was also seized in Italy.

In order to avoid falling into the trap of self-styled online trading brokers, the State Police recommends:

  • Consult the sites of Consob and the Bank of Italy to be sure of contacting authorized intermediaries;
  • Consult the “WARNING AND PUBLICATIONS FOR INVESTORS” section of ESMA (the European CONSOB) and check whether other European authorities similar to CONSOB have published a warning to users regarding the trader;
  • Consult, through web search engines, the reviews referring to trading companies;
  • Be wary of brokers who offer an out-of-market return (promising an economic return in high percentages);
  • Do not fall into the further trap of fraudsters who, under the pretext of releasing reimbursements of what has already been "invested", require the payment of further sums of money, as this amounts to outright extortion.

Excerpts from conversations between some victims and the organization.

Excerpt n.1:

Victim (crying):… I have already invested 31 thousand euros! I have no money left! I risked everything I had. I'm thinking of committing suicide.

Scammer: You have to pay a commission on wire transfers of € 4,500!

Victim: But I have already paid the last 4 thousand euros for the transfer fees!

Scammer: We don't care if it's your last money, this is another tax you need to pay for the Bank of England! Talk to you later!

Excerpt n.2:

Crook: The ECB is asking us that you provide the authorization code of your Poste bank account, you must give us this code otherwise you will not get your money back!

Victim (in COVID quarantine): Forget it, I'll never get my money back.

Crook: You still have to pay for my work. Pay me a thousand euros. If only you gave me the four-digit authorization code that the ECB is asking us, they would credit you with the money in your account within an hour!

Victim: I can't move from home.

Crook: there is no rush, because there is time until the middle of the month. Go to the post office and get the code.

Excerpt n.3:

Crook: Pay now 5,100 euros and you will get the capital of 51,000 euros.

Victim (distrustful): send me an email with the company data!

Crook: later…. What intentions do you have?

Victim: I want the invested capital back, otherwise I will file a complaint.

Crook: Go ahead….

Victim: can you send me the company documentation?

Crook (raising his voice): You have to pay 5,100 euros for taxes to get a refund of 51,000.00 euros, clear?

Victim: Explain better…

The crook hangs up

Excerpt n.4:

Crook: Hello, I am an operator of the European Central Bank, I am calling you about a capital of 48,000 euros blocked in your name for months.

Victim: I only invested 250 euros, maybe you have the wrong person.

Crook: The investment company has continued to invest your money and for this there is a capital in your name of 48,000 euros. He will send you the legal document of the Revenue Agency by e-mail. I'll call you back in the evening.
