Investigation Uncovers CEO Fraud Targeting Palma City Hall
Investigators have linked a series of sophisticated fraudulent acts to a technologically adept group described by authorities as one of the country’s more advanced hacker organizations. Over recent months, arrests have been made in Palma and Madrid, as part of a broader international effort to crack down on scheme-driven crime that exploits trusted supplier payments and digital authentication processes.
The case centers on a scheme in which attackers impersonated a cleaning services provider contracted by the Palma City Council. They manipulated bank account details to redirect payments for municipal services, accumulating a loss that far outweighed typical municipal fraud. The operation involved careful social engineering, forged documents, and electronic seals that looked authentic to the eye of the council’s contracting officers.
The fraud episode began when a routine request for bank confirmation arrived from the contracts division of the council. The messages claimed that the supplier was changing its bank account and that the council should update its records accordingly. In response, the council adhered to its established protocol, seeking formal proof of ownership and a stamped bank document to verify the supplier’s identity. According to sources familiar with the investigation, the criminals managed to forge documents that bore a realistic seal and an electronic signature, presenting them as authentic evidence of a legitimate change.
Two invoices were paid to the altered account on March 8, 2022, totaling 263,652 euros and 39,498 euros, respectively. In total, about 303,150 euros were routed through the altered account. Those behind the scheme were unaware of the fraud until the evidence surfaced, prompting a formal report to the National Police.
The case was brought to the attention of the Technological Crimes Group of Palma, a division of the National Police. The findings indicate that the Palma City Council fell victim to what is now widely referred to as CEO fraud, a form of cyber-enabled financial crime that relies on deception and procedural manipulation. The investigation traced the emails and funds to Madrid, prompting a coordinated response from a specialized Technological Crimes unit in the capital.
One of the most advanced hacker networks under scrutiny
Law enforcement analysts describe the group as a structured network capable of orchestrating similar frauds in other jurisdictions. The ongoing inquiry suggests the suspects are part of a broader, organized ensemble that has the potential to target additional councils or municipalities with comparable payment protocols.
In the most recent phase of the operation, four suspects were detained in a two-stage process. The arrests represent a significant disruption of what investigators consider one of the more sophisticated hacker gangs operating within the region. The cases underscore the need for robust verification measures and continuous vigilance against digital impersonation and payment fraud.
As a result of the fraud, the Palma City Council has strengthened its protocol around bank ownership verification, reinforcing the steps that confirm supplier identity before payments are issued. The aim is to reduce risk and prevent future instances of CEO fraud while maintaining efficient procurement processes for municipal services.
Authorities emphasize the importance of cautious behavior in electronic transactions. The volume of deceptive emails circulating online is a constant threat, and financial institutions and public bodies alike are urged to double-check unfamiliar correspondence. Local police services report that cybercrime complaints in the area are common, highlighting the need for ongoing education and proactive security measures across public sector entities.