In 2022, a businessman from La Zubia, a town in Granada with a population of 19,593, received an email informing him that he needed to reset the password for his email account. He followed the link provided and changed his password without any issues. However, five minutes later, he lost mobile network connection on his phone. Concerned, he accessed his online banking from his company’s computer only to discover that his account, which contained 25,000 euros, had been emptied. His report led to an investigation by the Civil Guard, resulting in the arrest of seven individuals in Barcelona, Valencia, Zamora, and Malaga. These individuals were part of an organization that had defrauded at least 102 people, accumulating almost 3.4 million euros. The leaders, who were of Venezuelan nationality, orchestrated the operations from Malaga with the help of 74 collaborators in Venezuela.
The criminal organization used a consistent method to target victims. They would send fraudulent emails, enticing recipients to click on a malicious link. Once someone clicked on the link, the criminals were able to duplicate the victim’s phone SIM card, granting them control over the device. This allowed them to impersonate the victim on social media, access passwords, or request new ones. They specifically targeted digital banking accounts, which often use SMS verifications sent to the victim’s phone, which the criminals already controlled. With this information, the arrested individuals were able to access various services of the victims, including their bank accounts, in order to extract as much money as possible.
The criminals also used the victims’ personal information to open new accounts in their names, sometimes using the same identification up to 47 times. They exploited loopholes in the system that allowed them to open accounts without proper verification. In some cases, they enlisted individuals as “mulas” to transfer the stolen money to an account held by the organization in a Miami bank. The investigation into these crimes, which have been prevalent in the United States since 2015 and have gained traction in Spain over the years, was challenging due to the complexity of investigating foreign emails, bank accounts, and phones.
The arrests of the individuals responsible for the fraud took place in Barcelona, Valencia, Zamora, and Malaga. In Malaga, where the leaders resided, authorities seized two laptops, six mobile phones, two bank cards, two cryptocurrency cards, documentation, and a cryptocurrency wallet from their homes. After appearing in court, they were remanded in custody. The investigation, which uncovered 102 crimes but is believed to have multiple additional victims, shed light on the sophisticated computer system developed by the criminal organization that allowed them to amass nearly 3.4 million euros. The Civil Guard emphasized the prevalence of these types of crimes in Spain and the increasing challenges in investigating and combating them.
