Law enforcement authorities across Europe have arrested several dozen suspects in what Europol said was the first region-wide action targeting e-commerce fraud.
The coordinated raids resulted in the arrest of 42 suspects in the UK as well as Austria, Finland, France, Greece, Ireland, the Netherlands, Portugal, Romania and Spain, Europol said.
The suspects allegedly purchased goods such as digital devices, electronic appliances, clothing and watches in more than 3,000 transactions worth more than €3.5 million (£3.14m) from online shops using stolen credit card data.
In one case a single individual was charged with fraud amounting to €600,000, while another suspect was found to be employed by a delivery company.
Such transactions are difficult to investigate because of their digital and cross-border aspects, and in this case authorities pieced together 3,000 distinct investigations into 40 international cases, Europol said.
Police targeted locations where illegally purchased goods had been delivered, with assistance from online vendors, payment organisations and logistics companies.
They searched 120 locations and intercepted a number of illicit packages, finding links to other crimes including ID fraud, phishing, cyber-attacks, romance fraud, illegal use of stolen passport, illegal immigration, a money laundering scheme worth €1.5 million, and political extremism.
The operation was coordinated by Europol from its headquarters in The Hague with specialists from the organisation’s European Cybercrime Centre (EC3) deployed in member states to support local authorities.
In a separate case, US law enforcement authorities arrested Dwayne C. Hans, 27, of Richland, Washington, charging he broke into the website of a US government system used to pay contractors and attempted to commit wire fraud.
In this case the officials’ task was made easier by several amateurish blunders they said Hans committed, including registering the bank accounts he used under his own name and home address.
Hans broke into the United States General Service Administration’s Systems for Awards Management (SAM) website, SAM.gov, from an IP address registered under his own name and provided the system with his personal email address, authorities said in a legal filing.
Are you a security pro? Try our quiz!