Spanish, US Authorities Dismantle Cybercrime Ring That Defrauded Victims of $5.3 Million

Madrid based international cybercrime gang cracked after defrauding victims of more than $5.3 million.

Based in Madrid, the international criminal organization employed a sophisticated scam that involved phishing, social engineering, smishing, and vishing to trick victims into sharing details about their bank accounts to steal money from them.

Authorities arrested eight individuals in Madrid and one in Miami, seized high-value objects – including watches valued at more than $200,000, jewelry, dozens of mobile phones, laptops, desktop computers, and tablets – and blocked 74 bank accounts, freezing over $500,000 in assets.

The investigators also discovered bags of clothing and shoes from luxury brands, bank cards, documentation, false passports and identity documents, and a compressed air gun.

Focused on defrauding American firms and individuals, the scheme involved the use of social engineering, phishing, and smishing to gather sensitive information about the potential victims, mainly regarding their financial assets.

At the second phase of the scheme, the attackers contacted the intended victims via phone (vishing), spoofing the calls to hide their identity, to obtain additional information required to complete the scam, either through online purchases or transfers to bank accounts controlled by the attackers.

In some instances, the attackers engaged in three-way calls, interacting with both the victim and their North American financial institution, to obtain verification and authorization codes to complete the fraudulent transactions.

The cybercriminals registered over 100 bank accounts they used as part of the operation. In less than a year, roughly $5.3 million was transferred to the fraudsters’ bank accounts.

Overall, the cybergang is believed to have made more than 200 victims (both individuals and organizations), with the total losses potentially exceeding $7.5 million.

Once the money was transferred to their bank accounts, the cybercriminals transferred it abroad, converted it to cryptocurrency, or withdrew it at ATMs using money mules.

The bank accounts opened in Spain were directly controlled by a single individual, who used numerous false documents as part of the illicit activities. The accounts were opened in the name of third-parties, either working directly with him or recruited by him.

This material is for informational purposes only and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Artefaktum  has no responsibility or liability for any decision made or any other acts or omissions in connection with Reader’s use of this material.

Artefaktum does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.


Need additional assistance?

call us and we will provide the support that you need


At Artefaktum, we are engaged in civil and military missions that matter all over the world. As recognised solution and services provider of mission and investigation capabilities and innovative  IT solutions, we provide reliable national security solutions, services and technologies that ensure people’s safety and security. As a leading partner, we are not only a reliable security and investigation service provider for our customers, but rather the holistic business partner for companies, organisations and the public sector in various fields, including intelligence, space, cyber, defense, citizen security, health, and state and local markets. Our employees work daily to overcome the impossible, finding solutions to the most challenging problems faced by our clients.


Ian Watt 
+1 617 861 9250