  • One individual has been arrested and five others are under investigation for alleged crimes including fraud, money laundering, and unauthorized access to computer systems.
  • Modus operandi: Business Email Compromise (BEC) — Cybercriminals intercepted digital communications, impersonated company executives or clients, and fraudulently collected unpaid invoices.
  • The investigation remains ongoing.

Murcia – The Guardia Civil in the Region of Murcia has dismantled a cybercriminal organization responsible for a sophisticated email fraud that cost a local company over €100,000. The investigation, codenamed “Operation Rocalina”, led to the arrest of one suspect and the identification of five more individuals under investigation for suspected involvement in fraud, money laundering, and unauthorized access to IT systems.

The case began in November last year when a wholesale beverage company based in the Northwest region of Murcia reported being the victim of a significant online scam.

How the scam worked – Business Email Compromise (BEC)

The criminals used a technique known as Business Email Compromise (BEC). This involves intercepting corporate email communications and impersonating executives, managers, or clients to manipulate payment processes. In this case, the scammers infiltrated the company’s email inbox, monitored conversations related to pending payments, and then posed as a legitimate supplier requesting a payment.

They subtly changed the recipient’s bank account number in the email, causing the unsuspecting victim company to transfer more than €100,000 to an account controlled by the scammers. The fraud only came to light when the real supplier later contacted the company to inquire about the missing payment.
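The changed account number is the point where this kind of fraud can be caught before money moves. The following sketch is an added example, not part of the original report: it extracts IBANs from a payment request and compares them with the account already on file for the supplier. The supplier name, vendor master, function names and email text are all constructed for illustration.

```python
import re

# Constructed vendor master (assumption): supplier -> IBANs confirmed out-of-band.
VENDOR_MASTER = {"Bebidas Ejemplo SL": {"ES9121000418450200051332"}}

# Upper-case IBANs, optionally printed in space-separated groups of four.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")

def iban_valid(iban):
    """ISO 13616 check: move first 4 chars to the end, letters -> 10..35, mod 97 == 1."""
    if not 15 <= len(iban) <= 34:
        return False
    rearranged = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1

def review_payment_email(supplier, body):
    """Return (iban, verdict) for every IBAN found in the message body."""
    on_file = VENDOR_MASTER.get(supplier, set())
    findings = []
    for match in IBAN_RE.finditer(body):
        iban = match.group(0).replace(" ", "")
        if not iban_valid(iban):
            verdict = "invalid_checksum"
        elif iban in on_file:
            verdict = "on_file"
        else:
            verdict = "not_on_file"   # well-formed account the supplier never used
        findings.append((iban, verdict))
    return findings

def hold_payment(findings):
    """Hold the transfer for call-back verification unless every IBAN is on file."""
    return any(verdict != "on_file" for _, verdict in findings)

# Constructed sample message, modelled on the scenario described above.
SAMPLE_EMAIL = """From: billing@bebidas-ejemplo.example
Subject: RE: Invoice 2024-118 pending

Please note our bank details have changed. Kindly pay the outstanding
invoice to the following account:
IBAN: ES79 2100 0813 6101 2345 6789
"""

if __name__ == "__main__":
    result = review_payment_email("Bebidas Ejemplo SL", SAMPLE_EMAIL)
    print(result, "HOLD" if hold_payment(result) else "OK")
```

A checksum-valid IBAN that is not on file is the case that matters here: the account is real, so only comparison against independently confirmed supplier data exposes the substitution.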

Investigators traced the funds to a bank account registered to a resident of Roquetas de Mar, Almería. This account holder quickly dispersed the money through transfers, cash withdrawals from ATMs, and payments via mobile apps like Bizum.

Further investigation revealed the existence of a broader network based in Roquetas de Mar. These individuals acted as “money mules,” withdrawing the funds through betting shops or ATMs and allegedly handing the cash over to higher-ranking members of the group.

So far, the Arroba Team from the Guardia Civil’s cybercrime unit in Caravaca de la Cruz has arrested one person and placed five others under formal investigation for their roles in the offenses.

The operation remains active, and more arrests are not ruled out.