Risky Bulletin: Europol Arrests Massive Credit Card Fraud Ring

Podcast: Risky Bulletin – Host: risky.biz
Episode Date: November 7, 2025
Prepared by: Catalyn Kimpanu, Read by Claire Airdrop

Episode Overview

This episode covers major global cybersecurity news, with a primary focus on Europol's arrest of a credit card fraud ring embedded in German payment service providers. Additional stories span international cybercrime, high-profile scams, law enforcement crackdowns, tech company controversies, and industry developments.

Key Discussion Points & Insights

1. Europol Arrests 18 Linked to Credit Card Fraud Ring (00:04)

• Story: Europol arrested 18 suspects for orchestrating a credit card scam charging roughly €50/month to individual's cards by subscribing them to fake pornography, dating, and streaming sites.
• The ring has been active since 2016, netting over €300 million illegally.
• Notably: Five arrestees were payment service provider executives who allegedly enabled fraudsters to use their networks for a fee.
• Insight: The incident highlights how legitimate financial service infrastructure can be exploited at high organizational levels.

Quote (Claire, 00:21):

“Five of those detained held executive roles at German payment service providers. Europol says the executives let the fraudsters use their company networks in exchange for a fee.”

2. Meta Profits from Scam Ads (01:04)

• Findings: About 10% of Meta’s annual revenue—over $16 billion—comes from advertisements selling banned products or scams, per Reuters.
• Meta often charged higher fees to known scammers rather than suspending their accounts.
• Action on scams mainly occurred when regulatory scrutiny seemed imminent.

Quote (Claire, 01:31):

“Meta would just charge higher fees to known scammers rather than block their accounts. The report also said Meta executives agreed to only address scams when there was a likelihood of regulatory action.”

3. UK Takes Action on Phone Number Spoofing (02:03)

• By 2026, UK mobile carriers will block calls from spoofed international numbers, combatting scam calls impersonating UK phone numbers.
• New technology will assist law enforcement in tracking scammers.

4. China Sentences Cybercrime Figures to Death (02:27)

• Five members of the Bai crime family sentenced to death in China for running cyberscam operations from Myanmar.
• Other family members received life or long-term prison sentences.
• Similar sentences issued in September to the Ming crime family for related crimes.

5. European and Middle Eastern Cybercrime Developments (02:55)

• Georgia: German national arrested for involvement in a scam group operating call centers across Europe and Israel, netting $275 million.
  • The group was exposed by 32 media outlets in March.
• Iraq: Police arrested a 14-year-old who reportedly extorted children via Roblox, leading to multiple suicides across Arab countries.

Disturbing Detail:

“The victims were pressured into acts of sexual self-harm, animal abuse and suicide. Thirty children across several Arab countries took their own lives.” (Claire, 03:40)

6. South Korean Telco KT Concealed Second Breach (04:14)

• KT secretly tried to clean up BPF door malware detected on 43 servers, not reporting it to authorities.
• The breach was uncovered during a government probe of an earlier security issue involving fraudulent micropayments.

7. Dutch Broadcaster Knocked Offline by Hack (04:45)

• RTV Nord suffered a breach: website defacement, login outages, manual DJ operation for hours.
• Incident underscores media infrastructure vulnerability.

8. UK Retailer Marks & Spencer Hit by Breach Losses (05:13)

• April breach led to £136 million profit drop compared to previous year.
• Executives project business recovery by March 2026.

9. Romance Scam Gang Busted (05:38)

• Five Cambodians arrested in Vietnam, connected to scams run from Bavet.
• Gang targeted South Koreans, stealing $3.2 million.
• Arrest followed cross-border law enforcement collaboration.

10. Capital One Hacker Sentence Reinstated (06:03)

• Paige Thompson’s original sentence (time served plus five-year probation) stands.
• US court had pushed for more prison time, but the judge ruled incarceration would prevent access to gender transition care, justifying leniency.

11. Malicious NuGet Packages Target Databases and Industrial Systems (06:35)

• Socket Security found packages published in 2023-24 set to trigger destructive behavior in 2027-28.
• Eight packages randomly shut down databases, while a ninth disables industrial PLCs.

12. Gootloader Botnet Returns (07:08)

• After a year of inactivity, Gootloader resumes campaigns using SEO poisoning to direct victims to malware.
• Now used for malware and ransomware deployment.

13. Chinese-linked Linux Backdoor Identified (07:32)

• V Shell backdoor linked to UNC5174, per Nvizo researchers.
• Google previously connected the group to China’s Ministry of State Security.

14. Russian Military Hackers Deploy New Wipers in Ukraine (07:52)

• Sandworm group used new STING and 0 LOT wipers against Ukrainian government, energy, logistics, and agriculture.
• Believed to be part of strategy to weaken Ukraine’s economy.

15. Google’s Acquisition of Wiz Clears DOJ Review (08:09)

• Google’s $32 billion acquisition of Israeli cloud security startup Wiz expected to close in 2026 following antitrust approval.

16. Chrome Autofill Now Supports IDs (08:28)

• Google Chrome can autofill government-issued IDs like passports and driver’s licenses; more types coming soon.

Notable Quotes & Memorable Moments

• “Meta would just charge higher fees to known scammers rather than block their accounts.” (Claire, 01:31)
• “The victims were pressured into acts of sexual self-harm, animal abuse and suicide. Thirty children across several Arab countries took their own lives.” (Claire, 03:40)
• “The telco discovered the BPF door malware on 43 servers and tried to clean it up without notifying authorities.” (Claire, 04:14)

Segment Timestamps

| Section | Timestamp | |------------------------------------------------------|-----------| | Europol Credit Card Ring Arrests | 00:04 | | Meta Scam Ad Revenue | 01:04 | | UK Blocks Spoofed Call Numbers | 02:03 | | Cyber Scam Convictions in China | 02:27 | | Georgia & Iraq Cybercrime Stories | 02:55 | | South Korean Telco Breach | 04:14 | | Dutch Broadcaster Hacked | 04:45 | | Marks & Spencer Breach Impact | 05:13 | | Cambodia-Vietnam Romance Scam Bust | 05:38 | | Paige Thompson Sentence | 06:03 | | Malicious NuGet Packages Found | 06:35 | | Gootloader Botnet’s Return | 07:08 | | Chinese-linked Linux Backdoor | 07:32 | | Russian Wipers in Ukraine | 07:52 | | Google-Wiz Acquisition Approved | 08:09 | | Chrome Autofill Updates | 08:28 |

Tone and Language

The reporting style is concise, factual, and neutral, with occasional stark language underscoring the seriousness of incidents (e.g., Meta's revenue motives; disturbing outcomes in child exploitation and scam death sentences). The podcaster maintains a rapid, informative cadence, typical of cybersecurity news briefings.

Summary

This episode provides a broad yet detailed synthesis of global cybersecurity events, focusing on major investigative breakthroughs and new threats while contextualizing commercial and technical developments across the industry. Whether dealing with high-level fraud, regulatory responses, or evolving threat landscapes, the Risky Bulletin delivers clear, impactful updates valuable for industry professionals and engaged listeners alike.