Ukrainian cyberpolice have detained nine suspects for allegedly stealing bank card data in a major phishing campaign unleashed on fellow citizens during the ongoing Russian invasion.
“The attackers created more than 400 phishing links to obtain citizens’ bank card data and misappropriate money from their accounts,” read the announcement on Wednesday.
The scheme was exposed by officers of the Cyberpolice Department along with investigators for the Pechersk Police Department. The officers received guidance and assistance from the Pechersk District Prosecutor’s Office of Kyiv and specialists from the National Bank of Ukraine.
Police identified the nine suspects as responsible for creating and administering more than 400 fake websites used to phish bank data from unsuspecting Ukrainian citizens.
“Through the sites, Ukrainians were offered to form an application for payment of financial assistance from the European Union,” read the Ukrainian cyberpolice’s press release.
“After receiving bank data, the attackers made an unauthorized intrusion into online banking and withdrew money from citizens’ accounts,” the police added.
The threat actors tricked more than 5,000 Ukrainian citizens, and losses exceeded 100 million hryvnias ($3.36 million).
In raids on the homes of suspects, police confiscated computer equipment, mobile phones, credit cards, and money identified as being obtained through criminal purposes.
The Ukrainian cyberpolice also published a list of known phishing sites operated by the group and iurged potential victims to report their cases to the agency.
“Cyberpolice urges citizens to obtain information on financial payments only from official sources, not to follow questionable links and in no case to disclose confidential, including banking, information to third parties or to indicate such data on suspicious resources,” the release said.