The National Police report the arrest of two individuals in Alicante as part of a nationwide crackdown on a banking cyber fraud network that has already led to 54 detentions across Spain. Authorities say the group is linked to more than 80 fraudulent schemes that totaled over 150,000 euros. Victims’ bank credentials were accessed, enabling funds to be moved through mule accounts to obscure the true recipients of the illicit transfers (Police report, National Police).
Law enforcement identified a national crime syndicate that specialized in social engineering scams, including smishing, vishing, and phishing. In total, 54 suspects—10 women and 44 men aged 16 to 51—were arrested on charges of belonging to a criminal organization and committing fraud. The group is said to have deceived more than 150,000 people through more than 80 criminal acts across several provinces (Police report, National Police).
Investigations began in April, led by the Cybercrime Group of the Superior Police Headquarters in Valencia, in collaboration with the Xàtiva Local Judicial Police Brigade (Valencia).
Staff from a bank in Ontinyent (Valencia) reported months ago that one of their servers was attacked and several clients suffered fraud after receiving fake text messages and calls. Investigators are examining how cybercriminals obtained personal data to access online banking and authorize fraudulent transfers (Police report, National Police).
fake SMS messages
Members of the organization directed victims through email and SMS messages to malicious websites where personal data and bank passwords were entered. This initial step allowed criminals to gain access to victims’ online banking accounts (Police report, National Police).
Victims then received a call from a number posing as their bank, with details about pending transactions and a request for a security code delivered by text message. This social engineering tactic ensured the scammers could complete fraudulent transfers with the user’s supposed authorization (Police report, National Police).
Authorities traced the operation to a network of individuals acting as “mules.” These participants cooperated to receive defrauded funds and then transferred them to other bank accounts controlled by higher-ranking members of the group (Police report, National Police).
The police described a structured organization with defined roles, focusing on three distinct social engineering techniques—smishing, vishing, and phishing—and a clear division of labor to run the scheme (Police report, National Police).
Arrests in Alicante and Catalonia
During investigations that continued into July, investigators identified the suspects and arrested 54 people, including two in Alicante and most of them in the provinces of Barcelona and Lleida. The Barcelona City Judicial Police Brigade Cyber Crime Group assisted in the operation, and three mobile phones were seized for technical examination (Police report, National Police).
The operation enabled authorities to dismantle a broad network of bank mules who provided accounts for illicit transfers. Four detainees had prior criminal records and were handed over to the courthouse; the others were released after giving testimony and receiving a warning about future cooperation with judicial authorities (Police report, National Police).
types of fraud
The network relied on three well-known social engineering methods: smishing, vishing, and phishing.
Smishing involves sending fraudulent messages via SMS to obtain personal or financial information from the victim, frequently impersonating banks or card issuers and similar entities (Police report, National Police).
Vishing is a phone-based scam where a crook pretends to be a trusted entity to obtain personal or banking data, often using previously gathered details to build credibility with the victim (Police report, National Police).
Phishing aims to impersonate a financial institution or reputable organization, deceiving users into revealing credentials and other sensitive information (Police report, National Police).
Tips
The National Police offered several strategies to avoid falling prey to these scams (Police report, National Police).
1. Do not share personal data or respond to calls from unfamiliar numbers.
2. Be cautious of messages promising prizes or asking for personal data, private keys, or passwords to obtain them (Police report, National Police).
3. Regularly monitor bank statements to detect unauthorized transactions early (Police report, National Police).
4. Be skeptical of offers that guarantee rapid profits or require participation in banking transactions with unknown third parties (Police report, National Police).