Alicante is identified as one of Spain’s provinces with a higher risk of cyber threats. New data from the National Cybersecurity Institute (Incibe) shows a significant share of vulnerable devices located across the country, with Alicante contributing to a national total of 133,918 at risk. Projections indicate that Madrid, Barcelona, and Valencia will see even larger vulnerable-device counts, totaling 637,008, 443,304, and 157,478 respectively, based on analysis of 3.3 million devices connected to networks that may require security measures. Malware is commonly exposed or poorly structured online, creating easy entry points for hackers and facilitating theft through compromised devices.
Investigations led by the Civil Guard emphasize that Spain has seen a fivefold rise in cybercrime in recent years as internet-based transactions have become routine. Last year saw more than 5,000 complaints, and 2023 figures show no decline. There are currently about fifty active cases within the province, many with national and international implications. The digital realm enables actors to conduct operations from distant locations, which is why some arrests involve individuals who act as mules for larger networks, while leaders of these organizations are also identified.
Mules frequently attempt to pose as the owners of bank accounts to receive funds from victims. These funds often pass through multiple steps before reaching the network leaders, making traceability difficult. Benemérita notes that these criminal groups are highly structured, with a clear hierarchy and assigned tasks for each member.
Banking phishing remains the primary tactic used by organized gangs. Victims are lured into revealing banking credentials or installing malware that grants hackers access to accounts. Incibe reports that 48 percent of victims are private individuals while 52 percent are companies. In the previous year, 16,902 phishing incidents were recorded across the country, with updates expected for 2023 data.
Authorities observe that scams are growing more sophisticated. Earlier schemes involved email fraud in which fraudsters impersonated legitimate entities to obtain privileged information, demand payments, or install malware. The newer methods include man-in-the-middle techniques and CEO fraud, where attackers intercept communications and impersonate a company executive to induce payments to spoofed accounts. When viruses infect systems, attackers may demand a ransom before victims can regain control, often payable in cryptocurrency such as bitcoin.
Ragnar’s Gang
A notable operation led to the arrest of two hackers in late October, linked to a group known as Ragnar Locker. This organization focuses on coercing companies through data exfiltration and ransom demands. The alleged ringleader was detained in the Czech Republic, with searches conducted in Ukraine as part of a larger international effort.
The operation involved eleven countries and aimed to dismantle the gang’s technological infrastructure and ransomware programs. One victim was a Vega Baja company whose servers were blocked after the attack. Europol coordinated the investigation jointly with national security and Incibe’s services under the Ministry of Finance. Ragnar’s network is believed to have targeted at least 52 organizations across 10 critical infrastructure sectors, using double-extortion methods to freeze systems and threaten to disclose stolen data. Among the victims were an Israeli hospital and a Portuguese airline.
In a separate international effort this year, Benemérita supported actions in France related to two individuals involved in money laundering tied to cyber fraud.
A growing trend is the love scam, where a person is targeted online or through social networks using a fake identity to create a sense of virtual romance. Victims may be duped into sending money or sharing sensitive information. In a notable case last February, officers from the dedicated cybercrime unit arrested a couple in Guardamar who allegedly extorted up to 57,000 euros from a Teulada woman through a simulated romantic relationship. The defendants posed as professionals and mentors, carrying on thousands of messages over months while requesting funds under false pretenses. Additional victims were drawn into similar schemes, with a sister-in-law also deceived in a related fraud.
Consolidation of Online Fraud Investigations
Local prosecutors report a surge in fraud cases tied to fake concerts and ticket sales. A single case has drawn more than a hundred complaints from victims across Spain. Scammers use mobile tickets that appear valid but later prove unusable at venues. Police investigations in Alicante led to three arrests and the blockage of thirteen bank accounts. Incibe notes that about one in four inquiries originates from phishing-related concerns, with more than 1,345 people reporting experiences to the institute. Other common issues include sextortion, identity impersonation, and fake donation or reward schemes.
The cybercrime response relies on preventive measures as well as rapid intervention. Experts stress the importance of strong passwords, two-factor authentication, keeping software up to date, avoiding suspicious links and attachments, using secure networks, especially in public Wi-Fi zones, and maintaining regular data backups to prevent operational paralysis.
Incibe offers technical support for cybersecurity incidents reported by individuals and businesses across Spain. The service operates around the clock to provide coordination and practical assistance against cyber threats. This support line remains available to citizens, companies, digital service providers, and critical operators to help prevent incidents and respond effectively when needed.