Dec 22, 2025
3 min read
Fraud increased by 20% in the first six months of 2025
Cyber security has ceased to be a technical problem and has become a daily concern of Spanish users.Shopping online, checking your bank on your mobile phone or managing administrative tasks online are now part of your daily routine.But this accelerated digitization has also had a side effect: the steady growth of e-commerce fraud.
According to various recent studies, 45% of consumers in Spain have experienced some form of fraud while shopping online, and seven out of ten claim to receive phishing attempts every week.Statistics do not surprise experts.
"In recent years, the daily life of citizens has moved almost entirely to the digital environment", explains the director of Cipher's xMDR business department, Carlos A. "This transformation has greatly expanded the surface of the attack, and with it the risks", he adds.The problem is not abstract: behind every fraudulent click is financial loss, identity theft and often a significant emotional impact on the victim.
An increasingly sophisticated fraud
The technologies used by cybercriminals are evolving as rapidly as electronic commerce.Reports from organizations such as INCIBE or the European Commission agree that identity theft is the most common form of online fraud. Legitimate stores, completely designed web pages about sending emails or SMS that mimic bank alerts are already part of the digital landscape.
"The most common method is impersonation by creating fake websites that mimic legitimate stores in order to collect personal information, especially payment information," said Fernández.Added to this are purchases that never arrive, offers with unrealistically low prices and scams associated with missing or blocked inventory.
Among all these methods, phishing has become a prominent tactic.The effect lies mostly in human factors.“The success lies in the fact that it relies on social engineering techniques: leveraging users’ trust and emotions such as urgency, fear, and curiosity,” explained Cipher administrators.The result is an incredible success rate, especially when the message is delivered personally and appears legitimate.
The Professionalization of Fraud
Gone are emails full of spelling mistakes or untranslated messages.Nowadays, fraud campaigns show a high degree of sophistication, making it difficult for even the most diligent users to distinguish between real and fake."Criminal groups have perfected the technique of painting brands almost identical to the look and language of the companies they are trying to copy," warns Fernandez.
Artificial intelligence plays a key role in this development.According to various cybersecurity studies, the use of generative artificial intelligence enables the automation of massive campaigns while personalizing them with previously filtered information."Today it is possible to create very convincing texts, images or even sound using technologies such as deep forgery or voice cloning," says the expert.Traditional phishing has given way to scams (text messages) and vishing, where seemingly legitimate calls can end up draining your bank account.
Repeated errors
Despite increased awareness, users continue to make recurring mistakes.The most common, according to experts, is extreme work."Not carefully checking the sender or URL before interacting with a link or entering credentials" is still a common mistake, Fernandez says.In addition, many services reuse passwords, a practice that increases the impact of any data breach.
In the European context, Spain is in an intermediate position. As awareness is increasing and reference organizations, the number of events is still high.
Inadequate financing and e-commerce sector challenges
Banks and e-commerce platforms have become the first line of defense against this type of fraud.Multi-factor authentication, real-time monitoring and advanced detection systems are now essential, Fernandez stressed, along with the ability to block suspicious transactions before they occur.
Meanwhile, the user is still the most vulnerable link but also the most definite link.In a situation where 70% of internet users receive phishing applications every week, digital prevention, training and suspicion have become the tools needed with any technological solution.Because, in the new online trade ecosystem, security is no longer an option but in Sine Qua Non.
