Cybercriminal scams €1 million from Sevilla City Council


A CYBERCRIMINAL has defrauded Sevilla City Council of €1 million in an online scam.

A cybercriminal has reportedly managed to steal almost €1 million from Sevilla City Council while posing as a legitimate client of the entity.

It would seem that this online criminal used the identity of a company that had won the contract to supply last year’s Christmas lights for the city. He then emailed the City Council requesting that they change the account number to which the municipal treasury should make the payment for the service being provided by the ‘company’.

With this simple scam, the criminal was around €1 million better off, while Sevilla’s treasury was severely out of pocket.

ABC interviewed a hacker who, for obvious reasons, keeps his identity hidden, and who acts as an advisor to public entities and companies. These clients go to him for help when information is hijacked through ransomware, or when they need to locate a failure in their systems in record time. Usually it would be a failure that could compromise the work of a corporation, exposing it to its competitors.

As this anonymous hacker revealed, “The lack of culture in computer security is key in this type of fraud. The company’s email may have been compromised, but in the end, the City Council staff failed to detect that something was wrong when they received the email from the cybercriminals. There are no protocols”.

When quizzed about the fraud carried out against Sevilla City Council, the hacker warned that it has to do with a widespread problem in Spanish public administrations. This, he pointed out, includes a lack of awareness of how high a priority protection against computer threats should be.

The National Security Scheme (ENS) was established in Spain to help combat cybercrime. It is part of a framework that has been regulated by royal decree since 2010, which arose from a 2007 law on electronic access of citizens to public services.

This scheme includes a certificate for those administrations, entities, and companies that have established a security policy and the conditions of trust in the use of electronic media. The hacker revealed that only nine city councils in all of Spain have acquired this certificate, and that Sevilla is not among them.

“When it comes to implementing protocols to avoid being victims of cybercrime in public administrations, specialists find several problems: bureaucratic obstacles, defining who assumes responsibility in case of failure, and the lack of training of employees to establish protocols that serve to prevent possible attacks”, he explained.

As part of his work, this hacker carries out audits to check the state of town hall computer systems, and in his day-to-day activity he has found servers with little protection, as well as sensitive and confidential information, such as the employee payroll, stored in shared folders.

He concluded, “Spain is a great testing ground for criminals, because there are many people connected to the internet with no training in cybersecurity”, as reported by sevilla.abc.es.

Written by

Chris King