Police Shut Down ‘16shop’ Platform Selling Phishing Kits To Scammers
Read also: A Bitfinex hacker pleads guilty, over €2M seized in a major crackdown on West African crime groups, and more.
Thursday, August 10, 2023
Interpol dismantles ‘16shop’ phishing-as-a-service platform
An Interpol-coordinated law enforcement operation has taken down 16shop, a phishing-as-a-service (PaaS) platform that provided cybercriminals with phishing kits designed to help steal credentials and other sensitive data such as personal or financial information.
Although 16shop's servers were hosted by a US-based company, its registration information showed that the platform’s administrator was based in Indonesia.
Two suspects were arrested in Indonesia, including an alleged 21-year-old platform’s operator, and one suspected associate was apprehended in Japan. The police also seized luxury cars and electronic equipment. It is estimated that the platform was used by around 70,000 customers who run their own scam operations across 43 countries.
Request your free demo now and talk to our experts.
“Bitcoin Bonnie and Crypto Clyde” plead guilty to laundering 120K bitcoin stolen in 2016 Bitfinex heist
A married couple from New York, Ilya Lichtenstein, 35, and Heather Morgan, 33, admitted to laundering around 120,000 bitcoin stolen during the 2016 cyber-attack on the Bitfinex crypto exchange.
According to the US authorities, Lichtenstein hacked Bitfinex’s systems using “advanced hacking tools and techniques” and stole 119,754 bitcoin from the platform. He then took steps to hide his involvement in the hack and enlisted the help of his wife in laundering the stolen money.
The couple was arrested in February 2022, after the US government seized 95,000 bitcoin (worth approx. $3.6 billion at the time). Lichtenstein pleaded guilty to conspiracy to commit money laundering, which carries a maximum penalty of 20 years in prison. His wife faces up to 10 years in prison for money laundering and conspiracy to defraud the US.
Several kingpins arrested, over €2M seized in a major crackdown on West African crime groups
An international law enforcement operation targeting West African cybercriminal groups such as the Nigerian ring “Black Axe,” has led to 103 arrests and the seizure of more than €2 million.
The Black Axe group is known for cyber-enabled financial fraud, including business email compromise attacks, romance scams, credit card fraud, tax fraud, and money laundering.
Dubbed ‘Operation Jackal,’ the operation took place in May 2023 and involved law enforcement agencies from 21 countries across the world. As a result, more than 200 bank accounts linked to criminal activities were blocked and several leaders of crime networks deemed to be a serious global security threat were arrested.
A Nigerian scammer stole over $1M from US firm through a BEC scheme
A Nigerian national has pleaded guilty to stealing $1.2 million from a US investment company via a business email compromise (“BEC”) scheme.
Onwuchekwa Nnanna Kalu, 39, and his accomplices hacked into an email account belonging to an employee at the victim company and planted the malware on the system, which forwarded emails with specific keywords to an attacker-controled account. The scammers then created a domain name similar to that of the victim company and set up fake accounts for two company’s executives using the spoofed domain. They then contacted a financial services firm in the UK and asked to transfer the funds belonging to the victim company to bank accounts under their control.
Nnanna Kalu was arrested in 2022. On August 4, he pleaded guilty in a US court to one count of wire fraud. His sentencing hearing is set for November 29, 2023.
3 suspected members of a banking card fraud ring caught in Spain
The Spanish police arrested three individuals believed to be members of a banking card fraud ring that stole thousands of euro via skimming and phishing techniques.
The group was mainly focused on ATM skimming targeting ATMs of Spanish national banks. The criminals obtained credit or debit card information via skimmers installed on the cash withdrawal terminals and used the data to make clones of the credit cards.
The gang also used social engineering techniques such as phishing to steal personal data that allowed them to impersonate their victims. The Spanish authorities estimated that the crooks pocketed more than €196,000 through illegal activities.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
