The Civil Guard has dismantled a criminal organization allegedly dedicated to committing fraud through the method known as Business Email Compromise (BEC), whose victim was a company on the island of Lanzarote.
The so-called Operation GESCHAFTE, carried out by the @ Team of the Civil Guard of Lanzarote, began after the complaint filed by the affected company, which detected the execution of several fraudulent transfers for an amount exceeding 40,000 euros. From that moment on, the agents began an investigation aimed at clarifying the facts, identifying those responsible, and trying to recover the stolen funds.
The investigations made it possible to determine that the cybercriminals had managed to access the company's corporate email. Taking advantage of this access, they modified the invoices issued by legitimate suppliers, altering the bank account numbers to which payments should have been made.
In this way, they managed to have the transfers directed to accounts controlled by the criminal organization, illicitly diverting significant amounts of money. Thanks to the actions taken by the investigators, several bank accounts used to channel the funds obtained through the scam were located and intervened.
This rapid action made it possible to block a significant portion of the stolen money before it could be withdrawn or transferred abroad, thus avoiding even greater economic damage to the affected company. As a result of the operation, the Civil Guard investigated two individuals residing on the Peninsula as alleged perpetrators of the acts and identified three others related to the criminal plot.
All of them are allegedly attributed crimes of fraud, belonging to a criminal group, money laundering, and document forgery. The investigation remains open and new actions or arrests related to the investigated facts are not ruled out.
The Civil Guard recalls the importance of taking extreme security measures in business communications, especially when receiving instructions related to payments, changes in bank accounts, or modifications in invoicing. For any request of this type, it is recommended to verify the information through alternative and secure channels before making any financial transfer.
What is a BEC scam?
Business Email Compromise (BEC), or "Compromised Corporate Email," is a particularly sophisticated type of fraud in which criminals manage to access legitimate company email accounts. Once inside, they use these real accounts to send messages impersonating trusted individuals, such as executives, employees, or regular suppliers.
As communications come from authentic addresses, victims tend to trust their legitimacy, which makes it easier for criminals to achieve their goal: inducing fraudulent money transfers or obtaining sensitive company information.
Recommendations against BEC scams
1. Be wary of urgent emails and messages
2. Enable two-factor authentication
3. Verify the web address before purchasing
4. Use secure payment methods
5. Use strong and unique passwords