Security service says operatives used spoof emails to invite academics and business people to Europe, some under the guise of a conference