Italian Mafia Joins Forces With World Cybercriminals for the Heist of the Year

9/29/21

Max Sheridan


Mafia-cybercrime

Talk to any cybersecurity expert and they’d probably agree that cybercrime has gone off the rails in 2021. There was the instance of ransomware fraudsters attacking hospitals and schools, in addition to the latest, catastrophic T-Mobile data breach, where 40 million Americans had their Social Security numbers swiped.

But if you think that’s scary, imagine that Don Corleone was a cryptocurrency expert and highly trained cybercriminal with an international army of IT soldiers, recruiters, and money mules to carry out his bidding. Imagine that Corleone’s goal was to scam millions of law-abiding citizens out of their 401(k)s. Imagine that he succeeded.

This is the moment when you’d ask yourself: Do I really want to know if this story is true? Wouldn’t life be easier if I never found out?

Actually, you do want to know. For the sake of your digital security and that of your family. So — spoiler alert — yes, the Italian Mafia has actually branched out into cybercrime, and their latest multi-million-dollar phishing scam is just the tip of the iceberg.

The Italian Mafia’s $12-Million Phishing Scam

If you thought the only fishing they did in Sicily involved tunas and squid, unfortunately, you’d be wrong. Europol and Eurojust, the two main criminal justice organizations in Europe, just put the kibosh on a massive Mafia-led phishing operation that swindled victims to the tune of $11.7 million in 2020.

The mafiosi cyber scammers didn’t just target households. Taking their cue from 2021’s growing roster of emboldened ransomware hackers, they attacked businesses, too, using the same MO: cleverly worded emails rigged with infected links, a.k.a. phishing emails.

Did You Know: Interpol isn’t the only crime-fighting organization in Europe. There’s also Europol, which generally coordinates police efforts, and Eurojust, which serves as a liaison between prosecutors and judges.

Phishing? What’s That?

If you’ve never heard of phishing, you’ve probably experienced it. Eons ago (in phishing history), we’d get an email from a “prince” who had fallen on hard times and needed our help to “re-invest” his $10-million fortune. All we had to do was send the disgraced prince our bank details or click on a link in his email, and he’d make us millionaires, too. That was old-school phishing.

These days phishing has gotten a lot more sophisticated. Fraudsters will camouflage their malware-infested software in Google Drive notifications, SMS from the post office, or free promotions from companies you trust. Once they get you to click on a rotten button or divulge your sensitive details, the game is over. You’ve not only lost money, but you may have lost your identity, too.

FYI: Just how much phishing was there in 2020? According to the FBI, there were 241,324 incidents, almost 50 percent more than in 2019.

A Vast Network Fiendishly Deployed

The machinery and cyber techniques at the mob’s disposal may not be the most sophisticated. Remember, they’re the Black Hand, not the Fourteen Eyes. But their infrastructure is definitely eye-opening.

Europol confiscated burner SIMs, point-of-sale (POS) terminals, and hundreds of fake credit cards. That isn’t even touching on the actual phishing arm of the operation. And, just because this is the Mafia, a giant marijuana plantation was also involved.

Although the exact dimensions of the Italian-led cyber scheme aren’t clear yet, confiscated SIMs points to SIM swapping, or SIM jacking, where a grifter manages to gain control of a victim’s phone number and — via two-factor authentication — reset all their account passwords (email, digital payment, social media, Amazon, etc.).

Pro Tip: To prevent hackers from taking over your SIM, never use your birthday, house number, or ZIP code for your mobile pin. If a criminal has any of those details from a data breach, he can use them to SIM jack your phone. Once he’s broken into your phone, he can open your mobile apps and take control of your accounts.

The POS terminals nabbed in the sting likely mean that the wise guys were also involved in credit card theft. And we can only guess that because Europol was investigating property crime, the Mafia was using those stolen credentials for all-out identity theft.

In total, the cyber investigation has yielded 106 flesh-and-blood arrests in Spain and Italy so far. European police also froze 118 shell bank accounts the e-Mafia used to launder their black money.

Phishing Is Real, So Stay Alert

A wise guy phishing scam is definitely more than a minor fright. And while the wise guys might not have come for you this time, the fact that they’ve already made a fortune at email fraud is a sure sign that the face of cybercrime is changing. It’s getting more organized, with much fatter bankrolls, networks, and computing power.

So stay alert. Always practice good digital hygiene. Consider a quality VPN to mask your digital footprint and protect your household devices from malware. And always err on the side of “paranoia” when you’re not 100 percent sure about clicking on a link in an email or on a website.