Cyber scams have evolved drastically. Previously, spelling mistakes or strange wording allowed users to identify phishing (entity impersonation). Now, the use of generative Artificial Intelligence (AI) allows cybercriminals to create much more realistic and perfected emails. The Agència de Ciberseguretat de Catalunya warns that 82.6% of these types of fake emails have already been generated with AI, according to its director, Laura Caballero.
“"With AI, texts, voices, and videos can be generated in a way that makes it very difficult to distinguish what is legitimate and what is not."
This sophistication feeds the black market for personal data on the dark web. Following major cyberattacks, such as the one suffered by the electric company Endesa earlier this year, customer data is being sold. This material, which includes signatures and identity documents, allows attackers to impersonate victims or create false content. The Deputy of the Spanish Data Protection Agency (AEPD), Francisco Pérez Bes, emphasizes the severity of the problem, indicating that the number of victims is counted in millions across Spain.
“"Each person, each one of us, has been a victim, on average, of more than 4 incidents during the year 2025."
Cyber scams are the second most reported crime in Catalonia, only behind theft, with an average of thirty daily cases reported to the Mossos police force. One of the most common deceptions is the fake SMS inserted into the legitimate message thread of the banking entity. Faced with these cases, civil courts are beginning to rule in favor of consumers, considering that the financial institution is also co-responsible.
“"Is it a problem of the consumer's lack of diligence or is it a civil co-responsibility of the financial entity that, given the existing innovation, is not implementing security barriers to prevent these cyber scams?"
Other cybercrime trends include ransomware (data hijacking), which remains highly active, as seen with the attack on the Hospital Clínic in April 2023. However, the director of APDCAT, Meritxell Borràs, highlights that fewer companies are paying ransoms (a reduction from 85% in 2019 to 23% currently), a sign that more is being invested in prevention and IT resilience.
