Cybercriminal scams €1 million from Sevilla City Council

22-year-old Ukrainian arrested over largest cyber-attack in history
22-year-old Ukrainian arrested over largest cyber-attack in history. CREDIT: Pixabay

A CYBERCRIMINAL has defrauded €1 million from Sevilla City Council in an online scam

A cybercriminal has reportedly managed to steal almost €1 million from Sevilla City Council while posing as a legitimate client of the entity.

It would seem that this online criminal used the identity of a company that had won the contract to supply last year’s Christmas lights for the city. He then emailed the City Council requesting they changed the account number where the municipal treasury should make the payment for the service being provided by the ‘company’.


With this simple scam, the criminal was around €1 million better off, while Sevilla’s treasury was severely out of pocket.

ABC interviewed a hacker who, for obvious reasons, keeps his identity hidden, but he acts as an advisor to public entities and companies. These clients go to him for help when information is hijacked through ransomware, or they need to locate a failure in their systems in record time. Usually it would be a failure that could compromise the work of a corporation, thus exposing themselves to their competitors.

As this anonymous hacker revealed, “The lack of culture in computer security is key in this type of fraud. The company’s email may have been compromised, but in the end, the City Council staff failed to detect that something was wrong when they received the email from the cybercriminals. There are no protocols”.

When quizzed about the fraud carried out against Sevilla City Council, the hacker warned that it has to do with a widespread problem in Spanish public administrations. This, he pointed out,  includes the lack of awareness of the priority that protection against computer threats should be.

The National Security Scheme (ENS) was established in Spain, to help combat cybercrime. It is part of a framework that has been regulated by royal decree since 2010, which arose from a 2007 law on electronic access of citizens to public services.

This entity collects a certificate for those administrations, entities, and companies that have established a security policy, and the conditions of trust in the use of electronic media. The hacker reveals that only nine city councils in all of Spain have acquired this certificate, and that Sevilla is not among them.

“When it comes to implementing protocols to avoid being victims of cybercrime in public administrations, specialists find several problems: bureaucratic obstacles, defining who assumes responsibility in case of failure, and the lack of training of employees to establish protocols that serve to prevent possible attacks”, he explained.

As part of his work, this hacker carries out audits to check the state of town hall computer systems, and in his day-to-day activity he has found servers with little protection, plus how sensitive and confidential information such as the employee payroll was stored in shared folders.

He concluded, “Spain is a great testing ground for criminals, because there are many people connected to the internet with no training in cybersecurity”, as reported by


Thank you for reading, and don’t forget to check The Euro Weekly News for all your up-to-date local and international news stories.

Chris was born in a small village in Wales, where he ran his own successful construction company for many years, before deciding in 1990, to swap the grey skies and rain for the sunshine and lifestyle of the Costa del Sol. Late last year he made the move to Southern Portugal, and is now residing on the Algarve. Having sung and played in a rock band back in Wales, he still likes to go out and entertain in his spare time, singing in restaurants and golf clubs. Interests are of course music, especially from the 60s and 70s, movies, nice restaurants, and he has a passion for graphic design and online marketing.


Please enter your comment!
Please enter your name here