Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Group-IB helps Dutch police identify members of phishing developer gang Fraud Family

Media Center Press Releases
July 22, 2021 · 4 min to read
Anton Ushakov
Fraud
Investigation
Roberto Martinez
Threat Intelligence

Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, has assisted the Dutch National Police in the operation to apprehend alleged members of a cybercriminal group codenamed “Fraud Family”. Group-IB’s Amsterdam-based team has identified the individuals behind the Dutch-speaking syndicate that develops, sells and rents sophisticated phishing frameworks and shared their findings with the authorities. According to the police, the operation resulted in the arrest of two suspects, a 24-year-old man and his 15-year-old accomplice, who are thought to be the developer and seller of the phishing frameworks distributed by the Fraud Family. The 24-year-old suspect will be brought arraigned before the examining magistrate in Rotterdam on Friday, while his 15-year-old accomplice has since been released pending further investigation.

A typical attack, analyzed by Group-IB researchers, started with an email, SMS, or WhatsApp message impersonating a real financial organization. Using well-known brands, fraudsters gained users’ immediate trust. These fake notifications contained malicious links to adversary-controlled phishing websites that steal payment info.

The detailed technical analysis of Fraud Family’s operations is available in Group-IB’s blog post.

Having analyzed the technical infrastructure and phishing templates used in these fraudulent campaigns, Group-IB researchers uncovered a massive Fraud-as-a-Service operation. The cybercriminal syndicate behind it, which develops, sells and rents sophisticated phishing frameworks to other cybercriminals, targeting users mainly in the Netherlands and Belgium, was codenamed Fraud Family. These frameworks include phishing kits tools and resources used to steal information and web panels that allow cybercriminals to interact with the actual phishing site in real time and are used to collect and manage the stolen user data. The complete „plug and play„ phishing service keeps the framework under control and prevents it from leaking to the public.

Group-IB’s cyber investigations experts found out that Fraud Family members actively use Telegram messenger to advertise their services to other less skilled fraudsters. These services included the sale of phishing tools or the rent of ready-to-use infrastructure that comes equipped with the phishing framework and anti-bot tools to prevent crawlers, automated analysis tools and services like VirusTotal and URLScan, and researchers from accessing the phishing sites. Any fraudster can rent the Express Panel for €200 per month or the Reliable Panel for €250.

Group-IB cyber investigations team discovered at least eight Telegram channels operated by the Fraud Family gang. The whole network of channels has close to 2,000 subscribers. Their most popular group has 640 members. According to Group-IB assessment, half of these users could be actual buyers.

We have analyzed the panel’s source code, found the roots of the threat, restored the timeline of its evolution. We’ve also examined groups and sellers that were distributing phishing panels and distinguished the core team Fraud Family. During our research, we have observed group members, determined their roles and functions in the gang, collected their personal identifiers and provided the information to police.

Anton Ushakov
Anton Ushakov

Deputy Head of the Group-IB’s High-Tech Crime Investigation Department, Europe

Digital fraud such as phishing is a social problem that requires an integrated approach. This approach involves a joint effort between the Police, Public Prosecutors, banks, government agencies and others together for investigation, prosecution and prevention.

Witeke Koorn

Dutch Public Prosecutor, Attorney

Further findings indicate that all of the panels designed to target customers of the Dutch and Belgian banks are different versions, or forks, of U-Admin, which is the panel initially developed by a Ukrainian threat actor nicknamed Kaktys. It turned out that the market of phishing frameworks in the Netherlands and Belgium is being dominated by Fraud Family. The gang tuned and customized phishing frameworks like U-Admin and gave them new names.

Fraud Family’s panels inherited features of its initial version produced by the Ukrainian developer, which allowed us to track the panels and conduct investigation faster and more efficiently. Fraud Family distributed the panels only via Telegram, they didn’t have any Dark Web topics whatsoever. The way of conducting investigation in messengers is slightly different from classic underground forums. Based on our 18 years of hands-on experience, it was challenging not to track them but rather to attribute each panel or phishing website to a particular group because they used pretty much the same source code.

Roberto Martinez
Roberto Martinez

Senior Threat Intelligence analyst at Group-IB, Europe.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Read next
Top Women in Security ASEAN Awards 2025
November 13, 2025
Group-IB’s High-Tech Crime Investigations team triumphs at Top Women in Security ASEAN Awards 2025
October 21, 2025
Group-IB launches Asia-Pacific’s first Cyber Fusion Center in Singapore
October 9, 2025
Group-IB Intelligence Powers Spanish Guardia Civil Operation to Dismantle the “GXC Team” Cybercrime Syndicate
September 30, 2025
Group-IB and Cyber Samurai join forces to enhance cyber resilience in the DACH region
September 26, 2025
Group-IB supports INTERPOL’s “Operation Contender 3.0”, leading to the arrest of 260 suspects in Africa
September 25, 2025
Group-IB Unites Partners to Strengthen Turkey’s Cybersecurity Landscape
Go to all Press Releases →