Scam alert in Spain: Fake Guardia Civil emails target citizens

Spanish authorities warn of a widespread phishing campaign impersonating the Civil Guard and Europol, aiming to trick people into handing over personal and financial information.

Key takeaways

• Fake “official” emails are being used to impersonate the Spanish Civil Guard and Europol in a coordinated phishing campaign targeting citizens across Spain
• The scam relies on fear and legal threats to pressure victims into responding quickly and sharing sensitive or financial information
• Attachments and replies are the trap — once engaged, attackers attempt to escalate the scam and extract personal data or payments

According to Spain’s National Cybersecurity Institute (INCIBE), the fraudulent emails are designed to create panic by accusing recipients of serious cybercrimes.

“A phishing email campaign impersonating the Spanish Civil Guard and Europol has been detected. The messages use legal jargon and technical language to frighten recipients with claims of involvement in international cybercrime,” INCIBE says.

The messages typically claim the recipient is under investigation and must respond urgently or face fines, prosecution, or even arrest. This sense of urgency is deliberate. Scammers rely on fear to push people into reacting without thinking.

To make the scam more convincing, attackers include official-looking elements such as logos, stamps, and references to real institutions. Many emails come with a PDF attachment that mimics a legal notice, combining real and fake details to appear legitimate.

Source: INCIBE

In some cases, the message urges recipients to reply directly or contact a supposed “department” to resolve the issue. That’s where the real scam begins. The goal is to start a conversation and eventually extract sensitive data, such as the victim’s ID, banking information, or even payments to allegedly settle the “case”.

Spanish authorities clearly state neither the Guardia Civil nor Europol contacts individuals about criminal investigations via unsolicited email, nor do they request payments.

 Red flags to watch for:

• Unsolicited accusations of criminal activity
• Urgent deadlines or threats of legal action
• Attachments labeled as official summons or legal notices
• Requests for personal, financial, or banking information
• Email addresses that don’t match official government domains

What to do if you receive one:

• Don’t engage: Avoid replying, clicking links, or downloading attachments
• Verify independently: Contact authorities using official websites—not the details in the email
• Report the scam: INCIBE recommends forwarding suspicious emails to help track these campaigns
• Delete the message: And block the sender to prevent further contact

If you’ve already interacted with the email or shared information, act quickly. Save evidence such as screenshots and emails, contact your bank if financial data was involved, and report the incident to local authorities or a cybersecurity helpline.

When a message tries to rush you, intimidate you, or pressure you into sharing sensitive data, that’s your signal to pause and verify before taking any action.

If you ever feel unsure about a suspicious message, tools like Bitdefender Scamio can help you quickly check if it’s a scam, while Bitdefender Link Checker lets you safely analyze links before clicking.