Spain’s Cybercrime Problem: What Banks Should Learn from the Santander Data Breach
Spain recently made headlines when one of its largest banks, Santander, fell victim to a hacker attack. This incident underscores that neither Spain’s institutions nor its citizens are safe from the rising wave of cybercrime sweeping across the globe. Let’s take a closer look at the situation on the Iberian Peninsula.
Santander, a Spanish multinational financial services company based in Madrid and one of the world’s largest banks by market value, recently suffered a significant data breach. According to an official statement, the bank experienced “unauthorized access to a Santander database hosted by a third-party provider.”
A group calling itself ShinyHunters claimed responsibility for the attack and later posted the alleged “haul” on a hacking forum: the bank account details of 30 million people, 6 million account numbers and balances, 28 million credit card numbers, and HR information for staff.
The bank did not confirm whether the group’s claims were true, but assured customers that “the compromised database did not contain transactional data or credentials that would allow unauthorized transactions, such as online banking details and passwords.”
The scam-related implications of the breach
While the bank’s reassurance that unauthorized transactions (i.e., further hacking of banking systems) are not imminent is good news, attackers still seem to have plenty of ammunition for a type of attack that has become much more common and dangerous in recent years: scams and related authorized push payment (APP) fraud.
Attackers—and other cybercriminals who may purchase the data on the dark web—now have enough intel to shape their pretexts and tailor their social engineering techniques more convincingly. The attack itself serves as an excellent cover for scams: the data leak provides an ideal excuse for scammers to contact Santander’s (or other banks’) clients, pretending to be a bank representative and convincing customers to “protect” their funds by transferring them to the fraudsters’ accounts.
This risk cannot be ignored, especially given that vishing and impersonation fraud are growing trends in Spain. A Europol report from June 2024 highlights a crackdown on fraudsters from the Iberian Peninsula who defrauded elderly victims of EUR 2.5 million through phone scams and social engineering.
Moreover, Santander is not the only major institution in Spain recently targeted by a cyber-attack. Hackers also breached telecom provider Orange in January 2024, preventing an undisclosed number of customers from accessing certain websites.
Spain’s growing cybercrime problem
Both Spanish companies and consumers must stay vigilant, as cybercrime has become a growing threat, increasing by 25.5% in 2023. It now accounts for around a fifth of all registered crimes in the country. The most common by far (90%) are online fraud schemes, marking a 27% increase compared to 2022.
Data from Spanish banks confirm the trend. According to their reports, fraud attacks increased by 117% in 2023, with recorded losses exceeding €240 million. The trend appears to be ongoing, as the first quarter of 2024 saw a 14.3% increase in online fraud compared to the same period in 2023, according to data from the Ministry of the Interior’s Crime Balance.
Spain is one of the countries most affected by phishing. In 2022, it ranked as the second most affected country in Europe (after the UK), with 94% of Spanish organizations targeted by phishing attacks. According to Kaspersky, Spain also ranks second on the malicious mailings chart (i.e., the share of emails containing malicious attachments), with 9.53%, just behind Russia at 16.72%.
Targeting the vulnerable
If we delve deeper into fraud statistics, we see that scammers particularly target the vulnerable. The latest data from the Mossos d’Esquadra (an autonomous police force in Catalonia) indicate a 78% increase in scams among people over 65 in 2022, compared to 2019.
By region, Andalusia is a favorite target of cybercriminals, with estimates showing that attacks in the region soared by 43% in 2023. Of the 426,784 online frauds registered in the country, 17% occurred in Andalusia. What makes Andalusia so attractive to fraudsters? Part of the reason could be that 43% of the population lacks basic digital skills, and 8% have never used the Internet, according to the Andalusian Cybersecurity Strategy document. Inexperienced internet users are prime targets because they are more vulnerable to scammers’ schemes.
Spain also has one of the highest spam rates in Europe: Nearly half (46%) of unidentified calls in the country are spam, and 8% of those unwanted calls are fraudulent. In the final quarter of 2023, the most common type of fraudulent calls involved bank impersonation scams—which is particularly concerning in light of the Santander data breach. Insurance fraud ranked second, with package delivery and cryptocurrency fraud also being prevalent. As always, new technologies, especially generative AI, are fueling the rise of online fraud.
Spanish banks form a common defense
Banks in Spain are well aware of the negative consequences fraud brings to their operations, clients, and overall trust in the financial environment. Fighting back, however, requires a comprehensive approach tailored to the complexities of modern fraud.
Sharing fraud-related data is one of the commendable countermeasures being implemented by banks and regulators. In Spain, BBVA, Banco Santander, and CaixaBank have launched FrauDfense, a joint initiative aimed at unifying their anti-fraud operations. In the first phase, the alliance will focus on developing an information-sharing tool to discuss fraudulent ‘modus operandi’ and effective countermeasures while rigorously maintaining the confidentiality and privacy of shared information. Following this phase, Santander stated that “the alliance will consider adding other banks and companies to increase its scope.” The project has already been presented to various Spanish supervisors and regulators.
Enhancing modern anti-fraud systems
Tackling scams—the most common type of fraud today—puts the bank from which the money is sent (i.e., the victim’s bank) in a challenging position. In authorized push payment scams, the legitimate client logs into their account using their usual device, making it difficult for the bank to detect any suspicious activity. The transaction amounts are often typical, adding another layer of complexity to identifying fraud.
To effectively combat scams, banks need to enhance their detection capabilities and extend them to include cases of authorized fraud. Unfortunately, traditional fraud detection systems (FDS) are inadequate for this task because they cannot adapt quickly enough to the evolving tactics of fraudsters. Often, these systems focus solely on transaction analysis, threat intelligence, or customer authentication—none of which are necessarily effective against APP fraud.
Modern methods take a different approach, leveraging the latest technologies, such as artificial intelligence and machine learning, to assess a wide range of factors in real time that may indicate fraud risk.
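The detection gap described above, as an added illustration that is not code from the original article or from any vendor product: a device-and-amount rule passes a scam payment the customer makes themselves, while per-customer deviation in behavioral signals flags it. The customer history, feature names and thresholds are constructed assumptions.

```python
from statistics import median

# Constructed history of one customer's legitimate payment sessions (assumed features).
HISTORY = [
    {"amount_eur": 420, "key_interval_ms": 180, "pages_before_payment": 3, "logins_24h": 1},
    {"amount_eur": 380, "key_interval_ms": 175, "pages_before_payment": 3, "logins_24h": 1},
    {"amount_eur": 510, "key_interval_ms": 190, "pages_before_payment": 4, "logins_24h": 2},
    {"amount_eur": 450, "key_interval_ms": 185, "pages_before_payment": 3, "logins_24h": 1},
    {"amount_eur": 400, "key_interval_ms": 170, "pages_before_payment": 2, "logins_24h": 1},
    {"amount_eur": 475, "key_interval_ms": 182, "pages_before_payment": 3, "logins_24h": 1},
]
# Constructed sessions: a routine payment, and one typed while a caller dictates the payee.
ROUTINE = {"known_device": True, "amount_eur": 440, "key_interval_ms": 178,
           "pages_before_payment": 3, "logins_24h": 1}
COACHED = {"known_device": True, "amount_eur": 490, "key_interval_ms": 420,
           "pages_before_payment": 11, "logins_24h": 4}
BEHAVIORAL = ("key_interval_ms", "pages_before_payment", "logins_24h")

def legacy_rule(session, history):
    """Transaction/device check only: unknown device or amount over 3x the usual."""
    usual = median(h["amount_eur"] for h in history)
    return (not session["known_device"]) or session["amount_eur"] > 3 * usual

def robust_z(value, samples):
    """Distance from the customer's median in MAD units (outlier-resistant z-score)."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples) or 1.0  # avoid division by zero
    return abs(value - med) / (1.4826 * mad)

def assess(session, history, z_limit=3.5, min_outliers=2):
    """Compare the legacy verdict with a behavioral verdict for one session."""
    outliers = sorted(
        f for f in BEHAVIORAL
        if robust_z(session[f], [h[f] for h in history]) > z_limit
    )
    return {
        "legacy_flag": legacy_rule(session, history),
        "behavior_flag": len(outliers) >= min_outliers,
        "outliers": outliers,
    }

if __name__ == "__main__":
    for name, s in (("routine", ROUTINE), ("coached", COACHED)):
        print(name, assess(s, HISTORY))
```

Requiring at least two deviating signals before flagging is one simple way to limit false positives from a single noisy feature.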
How behavioral intelligence can help Spanish banks
ThreatMark’s Behavioral Intelligence Platform, the first full-stack fraud prevention solution based on behavioral intelligence, serves as an excellent example. It enhances an institution’s fraud defenses by utilizing often-overlooked data from user interactions. The platform collects and analyzes a variety of behavioral patterns—such as login frequency, transaction habits, navigation preferences, and keystroke dynamics—to create a unique profile for each user.
By integrating behavioral data with transaction, threat, and device analysis, the Behavioral Intelligence Platform achieves up to a 70% better detection rate compared to traditional FDS. It offers a more nuanced response to detected anomalies, reduces authentication costs, and minimizes false positives and customer friction.
Behavioral intelligence offers Spanish banks, facing a growing incidence of cybercrime, effective prevention against not only unauthorized types of fraud, such as RAT attacks, account takeovers, and financial malware, but also the increasingly frequent cases of scams and social engineering.
In addition, the platform provides a reliable source of detailed data on specific fraud cases. Banks can use this data to gain valuable insights into fraud patterns and attackers’ infrastructure, which can then be shared (e.g., via initiatives such as FrauDfense) to collectively strengthen their defense mechanisms against cyber fraudsters.