The day Juan Luis de Soto lost his card holder, in 2019, he did not realize it. Maybe it was stolen. “I looked for him for a couple of weeks, as I couldn't find him, I reported him at the police station, I got a new ID and I forgot,” he says. So far it is a common incident that thousands of Spaniards have gone through. But for De Soto it was the beginning of a well of insistent calls from credit institutions, letters with threats and fights to get off delinquent lists. The case is still pending trial and even today, more than two years later, De Soto often watches on the internet if someone else uses his name: “They impersonated my identity and they spent 100,000 euros with my name and now I still suffer the consequences” , he explains.
“I found out that something strange was happening when I received a letter from a loan company telling me that I hadn't returned it, ”explains De Soto, 46, from Leganés (Madrid). “I thought it was a mistake or misleading advertising and I quit. But right away I received a letter from BBVA with information on another loan. I called them and they said, 'It's the car you bought.' A car?! I went to the dealership and there they told me that yes, I had bought a car “, he adds.
Then he understood:” It's not me, it's my ID ”. The impersonator's misdeeds lasted less than two months, from when he obtained the document until the police stopped him when he was going to pick up a third car. In those weeks he managed to use the name of Juan Luis de Soto to request three credits for three cars, open a bank account and request eight credits of between 300 and several thousand euros. Everything was in dealerships and different entities. The most expensive car was 38,000 euros and, according to De Soto's data and the summary, the alleged criminal bought a 2,000-euro bicycle and spent 1,700 euros in a Carrefour in Getafe and 944 in El Corte Inglés de Méndez Álvaro (Madrid ), 304 in the perfumery section.
In total, with interest, they are almost 100,000 euros. When the alleged criminal was detained by the police at the dealership, he told them his real name and that he was “a friend of Juan Luis.” When De Soto repeats this scene he still exclaims angrily: “Friend!” From there he entered provisional prison and was released after a few months. On the scheduled day of the trial he did not appear and was found to be a fugitive. “In October they caught him,” says De Soto. “But the Provincial Court reached an agreement to sentence him to a year and a half in prison, so that he would not even go to jail. We have protested and asked for a trial and compensation for moral damages ”, he adds. The new trial should be in early 2022. It remains to be seen if it will be presented.
Where did he get the DNI ?
In conversations with entities and the police, De Soto heard over and over again how these cases occur often. His case is exceptional because of the volume. “When there are cars in between, the police move fast,” he says. The goal, it seems, is to buy something easily salable and turn it into cash. De Soto contacted Newsfresh for an article about the sale of real IDs in channels of the Telegram messaging application. I wanted to find out if, by chance, the journalists of the newspaper had seen his document for sale.
We had not seen it. But it is possible that the criminal acquired it somewhere like that and even chose it. He looked a bit like De Soto. “The physical resemblance always helps. He disguised himself a bit as me with glasses, “says De Soto, who still does not understand how despite these small physical advantages, the alleged criminal was able to achieve so much with so little time:” Three cars, two phone lines, eight quick credits? , a fake checking account, and that no alarm has been triggered? The system fails here, not that a guy came to fuck you. It has failed everywhere: financial, legal controls “, he adds.
As De Soto says, his case was” analog. ” Now, in the post-pandemic era, the National Police are more concerned about bulk digital spoofing. “Criminals are now looking for the simplest thing for them,” explains Chief Inspector Diego Alejandro, head of the e-commerce section of the National Police. “With social engineering they contact the victims and they are getting information: the phone number, the DNI, where they live, their bank, in more extreme cases they get the electronic banking passwords or the electronic signature. And they do it by email (phishing), with calls (vishing) or also by sms (smishing) ”, adds.
Alejandro he has seen crimes of all kinds. A common way of obtaining documents is to place an advertisement for a normal or vacation rental or the sale of cars or mobiles. With a good offer they attract favorable victims. “To finalize the sale they ask for information such as a photo of the ID in front and back, bank account, even income statement and with this documentation they manage to open accounts in the name of that person,” he says. Not only that, sometimes there have been cases where a criminal has presented a tax return for a victim who went out to return modifying some fields.
The identity theft is often done in a chain. When a victim realizes that they have been scammed, they file a complaint accusing the owner of the account where their money has gone. But that name is likely to be stolen as well, thereby accusing another victim. “That can lead to other legal problems. You will have as many complaints as scams the offender has consummated. It is a double victimization, ”says Diego Alejandro. “If we don't do a good research and we don't know the IPs from where they have been connected, we can't get out of that loop,” he adds. Criminals use identities to feed back on their crimes. It is like a Russian doll where everything is spoofed identities and money that circulates between fake accounts.
They are not 'hassles'
De Soto is especially bothered that in the courts and among the authorities people talk about what has happened to him as “inconvenience”. “Annoyances is having to go down at eleven o'clock at night to throw out the garbage in your pajamas,” he says annoyed. “But 100,000 euros in credits? That is not a nuisance, it is a detriment. I at least know how to defend myself moderately, move on the internet, consult files of defaulters, but this happens to a person with less knowledge and they jump over a bridge. They drive you crazy directly. They are calls and letters every day at all hours. These fast credit companies are prey dogs, they don't care if you tell them it's not true, they'll go after you to the jugular ”, he adds.
De Soto has ended up, at least, in three files of defaulters. Entities must warn the affected party before including him. As with the real De Soto they did not, a bank has already had to pay him a compensation of 2,000 euros. He is awaiting more trials.
Something similar happens with cars. There is one that circulates legally in France. The alleged criminal sold it in Alicante two days after buying it with the identity of De Soto. From there they exported it. This Friday, the Leganés City Council seized 80.31 euros from De Soto's account for the road tax on that vehicle. “The police tell you that the databases are like that and that I need a court ruling to change that car's name. It is I who must prove that this car was not bought by me. I will have to go to a civil trial, ”he explains. “It is that they had not asked me for the tax in 2019 or 2020, but in 2021. The database bureaucracy is a mess. But I won't pay. It's a matter of honor ”, he adds. At the moment the money seized is yours.
Dismantled a band in Barcelona
Although the digital part in these crimes continues to grow, the original physical documents maintain an extraordinary value. The agents who handled his case recommended that De Soto carry only one photocopy in his wallet, not the original.
This Saturday the Police announced precisely the dismantling in Barcelona of a gang of 47 members who had defrauded 2.5 million euros throughout Spain by impersonating more than 200 victims. The leadership of the organization obtained DNI with social engineering techniques, in second-hand sale portals or through theft. With the documents they went to banks to check the victim's balance in person: “They took advantage of similar physical features and the use of masks or other disguise items that helped hide their faces,” says the Police in their statement. The operation has been baptized as Operation Sainete.
When balances were large, they changed the customer's contact information – phone and email – because banks use it as a security measure when customers go in person. The gang had a former bank employee with more than 20 years of experience who knew how entities work from the inside. Once the target account had been decided and the contact information changed, they proceeded to reset it quickly and simultaneously: at the counter, at different ATMs with a technique called Hal Cash that does not need a card, or with transfers online and in person. The Police also explain that if the owner of the DNI had little money, they used the documents for other purposes: renting cars, identifying themselves in hotels, buying sim cards, taking out tickets or opening bank accounts on-line. During the 28 searches, the Police found 71 physical IDs, 60 mobile phones and 120 cards, in addition to weapons and marijuana.
You can follow Newsfresh TECHNOLOGY at Facebook and Twitter or sign up here to receive our weekly newsletter .