In recent weeks, Spain has seen a surge in fraudulent schemes involving forged official notifications from government agencies. This trend affects both individuals and businesses, posing a real threat to financial security and personal data. The new wave of attacks is characterized by a high level of detail and credibility, which makes timely detection of deception significantly more difficult.
According to ESET España, scammers use the names of entities such as Ministerio de Justicia, Audiencia Nacional, and Europol to instill trust and alarm in recipients. Unlike previous attempts, these messages now contain convincing details: references to allegedly real police operations, technical terms, and investigative tools. This makes the fake letters almost indistinguishable from authentic ones, especially for those who have not encountered such threats before.
Attack scenario
The fraud begins with an email formatted as an official notification about the start of an investigation on suspicion of cybercrime. The message claims to be from Ministerio de Justicia, but the email address actually belongs to an ordinary Gmail account. The email includes a document filled with legal and technical terms to create a sense of authenticity. The main objective is to instill fear and a sense of urgency in the victim in order to prompt immediate action.
The letter urges recipients to contact an alleged official representative for clarification. In reality, all contacts lead to scammers who control further communication. After the first response, the victim enters the second stage of the scheme, where they are offered a ‘technical-legal assessment’ to prevent potential consequences. The cost of this service is €5,670, but the amount may increase depending on the scenario.
Financial trap
If the person agrees, they receive further payment instructions and are required to confirm the transfer. The scammers promise that once paid, any actions from law enforcement will be suspended. In practice, the money is transferred to an account registered to a French citizen residing in Paris. According to russpain.com, such schemes often use shell individuals or people unaware of the illegality to disguise the money trail.
In some cases, stolen personal data is used to receive funds, enabling scammers to open accounts in the names of unsuspecting citizens. This complicates tracking the chain of transfers and makes it harder for victims to recover their funds. As a result, victims lose money and risk further attacks or blackmail.
Recommendations and consequences
Experts advise that when receiving such letters, you should not respond, not send money, and always contact official authorities—Policía Nacional or Guardia Civil. This is the only way to verify the authenticity of the notice and avoid financial loss. Remember, government agencies never use unofficial mail services to send legally significant documents.
The spread of such schemes in Spain highlights the growing threat of cybercrime and the need for increased attention to digital security. Both companies and individuals should regularly update their knowledge of modern social engineering techniques and remain vigilant against new fraud attempts. If in doubt, consult with relevant specialists or seek assistance from law enforcement.
In recent years, Spain has repeatedly reported mass phishing campaigns using the names of government agencies. In 2024, a similar scam involved forged emails from Agencia Tributaria, where victims were threatened with fines for non-existent tax violations. Losses then amounted to hundreds of thousands of euros. Analysts note that scammers are constantly refining their methods, making attacks increasingly sophisticated and harder to detect.
