The investigation began after the affected company's manager filed an online complaint. The fraud originated when the company's financial director received an SMS impersonating her bank, falsely informing her of a 4,900 euro charge from a Hong Kong company and urging immediate action to cancel it via a provided link.
Upon clicking the link, the director was redirected to a website mimicking her bank's online banking interface. There, she entered her access and transaction signing credentials, allowing the fraudsters to fraudulently obtain her information.
Shortly thereafter, six transfers, ranging from 250,000 to 500,000 euros each, were ordered from various branches to bank accounts located in third countries within the European Union. The company did not realize the scam until the following day.
This type of fraud, known as smishing, involves sending text or instant messages that pretend to be from banking institutions, appealing to an urgency or threat that requires immediate reaction to avoid a suspicious charge.
The swift action of the Guardia Civil's Cibercomandancia, under operation Cibermot, was crucial. Its @ Team identified the modus operandi and traced the transactions, managing to halt all six transfers within 24 hours of their initiation. The funds, totaling over 2.2 million euros, were blocked and made available to the complaining company.
The Guardia Civil continues its investigation to identify the foreign account holders and determine the criminal liabilities of the alleged perpetrators. Additionally, it has issued recommendations to prevent such frauds, including distrusting bank SMS messages with links, not providing credentials via phone or message, and immediately reporting any suspicious activity.
