Have you been a victim of cybersecurity fraud? In May 2024, the Civil Guard arrested 30 people in various Spanish locations for defrauding more than one hundred victims from 18 countries of more than one million euros, using the ‘Man in the Middle’ method. The fraudsters infiltrated communications between suppliers and clients, modifying banking details to redirect payments to their own accounts.
Cybersecurity fraud has evolved with new technologies, and one of the most common forms is known as «Man in the Middle». This crime involves intercepting communications between two parties without their knowledge in order to modify information and obtain economic benefit.
What is «Man in the Middle» fraud?
«Man in the Middle» fraud is a type of computer fraud that consists of intercepting digital communications, especially emails and banking transactions, with the objective of modifying key data and redirecting payments without the victims detecting it.
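A defensive check for the payment-redirection scenario described above, as an added example that is not part of the original article: it flags an invoice email whose Reply-To domain differs from the sender's, or whose IBAN differs from the supplier's record on file. The supplier table, the domains and the sample messages are constructed, and the use of IBANs as the banking detail is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical vendor master record, verified out of band (constructed data).
SUPPLIERS = {"acme-supplies.example": "ES9121000418450200051332"}

IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}(?: ?[A-Z0-9]{1,3})?\b")

def iban_ok(iban):
    """ISO 13616 check: move the first 4 chars to the end, map A-Z to 10-35, mod 97 == 1."""
    s = iban[4:] + iban[:4]
    return int("".join(str(int(c, 36)) for c in s)) % 97 == 1

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_payment_email(raw):
    """Return a list of findings that should hold the payment for a call-back check."""
    msg = message_from_string(raw)
    sender, reply_to = domain(msg["From"]), domain(msg["Reply-To"])
    findings = []
    on_file = SUPPLIERS.get(sender)
    if on_file is None:
        findings.append("sender_domain_not_a_known_supplier")
    if reply_to and reply_to != sender:
        findings.append("reply_to_domain_differs_from_sender")
    for match in IBAN_RE.finditer(msg.get_payload()):
        iban = match.group().replace(" ", "")
        if not iban_ok(iban):
            findings.append("iban_checksum_invalid")
        elif iban != on_file:
            findings.append("iban_differs_from_record:" + iban)
    return findings

# Constructed sample messages (not real traffic).
LEGIT = ("From: Billing <billing@acme-supplies.example>\n"
         "Subject: Invoice 1001\n\n"
         "Please pay to IBAN ES91 2100 0418 4502 0005 1332\n")
TAMPERED = ("From: Billing <billing@acme-supplies.example>\n"
            "Reply-To: billing@acme-suppiles.example\n"
            "Subject: Invoice 1001 - updated bank details\n\n"
            "Our account has changed. New IBAN: DE89 3704 0044 0532 0130 00\n")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("tampered", TAMPERED)):
        print(name, review_payment_email(raw))
```

A valid checksum only shows the IBAN is well formed; the comparison against the record on file is what catches a substituted account.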
How «Man in the Middle» fraud works
Access to the victim’s communication systems
The fraudsters access emails or business communication systems through phishing techniques
How do cybercriminals act in man in the middle fraud?
Modus operandi of «Man in the Middle» attacks
Man in the middle fraud attacks can take various forms, but all share the same objective: intercept and manipulate confidential information to obtain economic benefit.
Fraudulent Wi-Fi access points
The attacker creates a Wi-Fi network with an apparently legitimate name, such as «Airport Wi-Fi» or «Free Wi-Fi Zone». When users connect, all information transmitted through the network can be captured, including banking credentials, personal data and emails.
SSL Stripping attack
This technique degrades a secure HTTPS connection to HTTP, allowing the cybercriminal to view and record information that the victim enters on web pages, such as banking data or access passwords.
Reverse proxy phishing
The attacker creates a fake website that replicates the original one of a bank or company. The victim enters their access data believing they are interacting with the legitimate site, but in reality their credentials are sent in real time to the cybercriminal, who uses them to execute fraudulent transactions.
Interception of communications and manipulation of banking data
The fraudsters access emails or systems
Legal consequences of «Man in the Middle» fraud
In the Spanish criminal law framework, «Man in the Middle» attacks can fall under several criminal offenses provided for in the Criminal Code, depending on their modality and the harm caused.
Computer fraud
Article 249 of the Criminal Code establishes that those who, with intent to profit, interfere with computer systems, alter data or use electronic devices to cause an unauthorized asset transfer to the detriment of a third party shall be considered perpetrators of fraud.
Unlawful access to computer systems (article 197 bis of the Criminal Code)
Article 197 bis CP, in its paragraphs 2 and following, punishes unauthorized access to computer systems for fraudulent purposes or to obtain confidential information, establishing penalties of up to 5 years in prison in aggravated cases.
The interception of communications without consent and obtaining banking credentials through phishing or malware can be sanctioned under this provision, especially when the attack involves a violation of the privacy or confidentiality of victims.
Criminal defense attorney in Madrid (graduate in Law and Business Administration with a Master's in Access to the Legal Profession), expert in complex and technical criminal law proceedings. Holds qualifications such as the Advanced Criminal Law Course taught by Supreme Court judges at the Iltre. Colegio de Abogacía de Madrid.
