Spanish Civil Guard Cracks Down on Sophisticated Business Email Compromise Scam

Cybercrime in Spain has become increasingly sophisticated, posing a serious threat to the financial security of small and medium-sized businesses. A recent investigation by the Civil Guard into a "Business Email Compromise" (BEC) scam in Santa Cruz de Tenerife highlights this growing danger. In these attacks, criminals intercept digital communications to impersonate trusted suppliers, tricking companies into sending payments to fraudulent accounts.

The case, which recently reached the courts in Bilbao, began when a Canary Islands company paid for culinary training services. Fraudsters infiltrated the email exchange between the company and its supplier, secretly changing the bank account details on the invoices. The victim, unaware of the tampering, transferred the funds. The fraud was only discovered when the service provider reported that they had not been paid, leading both parties to realize their emails had been intercepted.

The Civil Guard’s specialized cybercrime unit, the @ Team, resolved the case after the company filed an official complaint. By tracking the flow of money and analyzing the receiving bank account, investigators linked the crime to a suspect in Biscay. The individual has since been referred to the judicial authorities.

This incident serves as a stark reminder of the risks involved in electronic transactions when verification protocols—such as calling a supplier to confirm changes to billing details—are ignored. BEC fraud is highly effective because it exploits the trust built into regular business relationships. To protect themselves, companies must strengthen their cybersecurity measures and ensure staff are trained to spot these administrative manipulations.