Spain's National Police arrested 34 people allegedly involved in a cybercrime organization that made more than €3 million through various online scams such as smishing, phishing and vishing, 'son in distress' scams, and scams impersonating delivery companies and electric firms.

According to the police, the group gained access to databases of various financial and credit organizations, altered amounts in client accounts and then contacted those individuals informing them of an erroneous deposit and asking them to return the money by visiting a phishing site that captured their banking details.

The criminals also hacked into corporate databases and stole the personal data of millions of people, which they sold or used to perpetrate vishing campaigns impersonating electricity supply companies, phishing campaigns posing as banks, and other scams.

In one case, the fraudsters took advantage of one of their member’s position at a tech company to divert computer and electronic products bought by the firm to the criminal organization.

Additionally, the gang offered for sale fake websites of banks, mass message programs, and stolen information on cybercrime forums.

Spanish authorities conducted raids across 16 locations in Madrid, Malaga, Huelva, Alicante, and Murcia, seizing a database containing personal information of more than four million people, two simulated firearms, a katana sword, a baseball bat, €80,000 in cash, luxury vehicles, as well as computer and electronic material worth thousands of euros.