A new fraud that starts with the theft of mobile phones by citizens concerns the Prosecution of Electronic Crime.
The investigation of the case began after a citizen complained, according to which a stranger stole his mobile phone while drinking coffee in a cafeteria.
Subsequently, the complainant received an e-mail, with which he was urged to enter, on a website that looked like an official application website, his login details to his "cloud" account. Convinced that this is the official website, completed the credentials of his account with the result that the perpetrator bypassed the security measures of the device and gained access to all its data, making it functional and available to new users.
The Cybercrime Prosecution conducted a digital investigation and analysis of the data and facts of the case, resulting in the detection of the new owner of the device, as well as the intermediate users involved in the process of placing it on the market for sale.
At the same time, from the digital analysis of the disputed electronic traces as well as from the subsequent police preliminary investigation., The involvement of a total of three people in the case has been identified.
In research conducted on Wednesday, 8 July 2020 by police officers of the Cybercrime Prosecution Directorate were found and confiscated (28) mobile devices, (2) laptops, (2) smart watches and a multitude of sim cards, declared under the data of aliens.
As for how to act (modus operandi) of the perpetrators are noted as follows, to inform citizens to avoid being victimized:
- they initially removed the device from its rightful owner by various methods (theft, robbery, burglary etc.),
- then the perpetrator of the removal of the device immediately resold it to his accomplice, for a very small monetary value compared to the real one,
- subsequently, they undertook the "unlocking" of the device, making use of the necessary data (IMEI number, contact info) stated by the rightful owner of the device in the "find phone" application,
- then the legal holder of the device (victim) he began to receive a series of deceptive messages (phishing sms/emails), with a sender posing as a branded company, who informed him that his device had been located and urged him to follow a hyperlink (link), containing the message, to show him the exact geographical location of the device,
- the victim believing that his device had indeed been located and that the message came from the company, following the hyperlink (link) which they pointed out to him, was going to a fraudulent website (phishing site), which resembles the official website and the "find phone" application, where he filled in the appropriate fields with the login details (credentials) of the staff of the “cloud” account.
- after the victim was typing the credentials of the account, on the fraudulent website, the perpetrator was given access to all his data (payment details, photos, Contact, personal files, etc.) and bypass the security of the device and "unlock" it.
- Finally, the perpetrators, having gained full control of the device, they reset it to its factory settings and then, had it for sale to unsuspecting buyers as a used one and at a price commensurate with its true value.
Investigations are ongoing to fully and thoroughly clarify related cases, while the participation of a number of other similar cases is still being investigated, interception and subsequent sale, devices derived from criminal activity.