Police have arrested 14 people on suspicion of being part of a phishing gang that stole £1m from a single victim, spending the money on items ranging from cheeseburgers to high-end computers and gold bars.
A series of dawn raids in the UK have scooped up 14 people suspected of stealing £1m from a British woman via phishing emails.
The 12 men and two women were detained on Thursday morning in raids in London and the West Midlands. More arrests may follow in the coming days, according to Metropolitan Police Central eCrime Unit (PCeU) head Charlie McMurdie.
"These were dawn raids," McMurdie told ZDNet UK. "Enquiries are still ongoing regarding potential further arrests."
The phishing gang sent out unsolicited emails with links to a fake banking website. It used a series of bank accounts assigned to individual 'money mules' to launder £1m siphoned from the life-savings account of one woman who had divulged her details. The cash was transferred via the internet, the Metropolitan Police said in a statement.
"The stolen money was spent over a three-day period, after suspects embarked on a spending spree during the Christmas sales," the Met said. "The victim, a UK citizen currently living abroad after relocating to care for an ill relative, saw her savings disappear overnight after her bank account details were illegally obtained and unauthorised access to the account was gained."
The suspected 'money mule' launderers received between £9,000 and £75,000 each from the account. All of the 14 suspects were in custody at the time of writing, according to the Met.
Around 150 police officers were involved in the operation. They included members of the PCeU, 50 special constables, and police from three regional e-crime hubs in the East Midlands, York and Humber, and the North West.
"We wanted to make the best use of resources in relation to where the suspects were located," McMurdie said.
The police said the "sophisticated" phishing operation highlighted the need for people to take care when doing banking online, warning the public not to click on links in unsolicited emails.
"This is an example of how cybercrime creates real victims through the indiscriminate actions of the criminals involved," Detective Inspector Stewart Garrick said in the PCeU's statement.