
SIM Swapping & Carding Criminal Defense Lawyers
When they clone your SIM and drain your account. Technical defense and specialized bank claims
Last updated:
SIM Swapping: The Fraud That Drains Your Account in Minutes
SIM Swapping is one of Spain's fastest-growing frauds. The method is precise: criminals obtain your personal data (name, ID, phone number) through phishing, leaked databases, or social media surveillance. With that data, they call your carrier impersonating you and request a SIM duplicate.
The moment the new SIM activates, your phone loses signal and all SMS — including bank OTP codes — go to the criminal. Within minutes, they access your online banking and drain accounts through immediate transfers or crypto purchases.
Criminal Classification of SIM Swapping
Criminally, SIM swapping is not an autonomous offence but a concurrence of offences. The fraudulent obtaining of the SIM duplicate and the subsequent non-consented transfer integrate the computer fraud of Art. 249.1.a CP (computer manipulation determining a transfer of patrimonial asset to another's detriment). Access to online banking through the intercepted codes may constitute unlawful access to systems (Art. 197 bis CP), and the prior capture of personal data, discovery and disclosure of secrets (Art. 197 CP). Impersonation before the carrier may add civil-status usurpation (Art. 401 CP). When a stable structure is involved, the aggravation for membership of a criminal group or organisation operates.
Penalties and Refund (Art. 250 CP and PSD2)
The penalties are graduated by amount: computer fraud carries 6 months to 3 years' prison in its basic type and 1 to 6 years in the aggravated form of Art. 250 CP when the defrauded amount exceeds 50,000 euros or other aggravations concur. For the victim, the PSD2 framework (RDL 19/2018) imposes on the bank the obligation to refund unauthorised operations, unless it proves the user's intent or gross negligence; and the telephone carrier may be civilly liable when it issued the SIM duplicate without diligently verifying the applicant's identity. The strategy combines criminal prosecution with civil claims against bank and carrier.
Immediate Action by the Victim
Faced with SIM swapping, the reaction in the first hours is decisive. The victim must immediately contact the carrier to regain control of the line, alert the bank to block accounts and cards and request the reversal of unauthorised operations, report to the Police or Civil Guard providing all the data, and preserve the evidence (screenshots, SMS, call logs, transfer receipts). The sooner the loss of coverage and the chain of fraudulent accesses are documented, the stronger both the civil claim against bank and carrier and the criminal prosecution of the perpetrators.
Dual Approach: Defense & Victim Claims
If ACCUSED
- • Money mule defense: absence of intent (fake job offer)
- • IP attribution challenge and digital evidence
- • Chain of custody of seized devices
If VICTIM
- • Bank claim (PSD2): refund of unauthorized operations
- • Civil lawsuit against carrier for negligence
- • Fund tracing and freezing (crypto and fiat)
ART. 248Carding: Card Fraud
Carding encompasses the full spectrum of card fraud: from skimming (ATM cloning) to buying/selling card data on the dark web. Data is used for fraudulent online purchases, often shipped to "drops" (transit addresses).
Card cloning at ATMs or tampered POS terminals. 6 months to 3 years prison
Purchasing dumps (magnetic strip data) and CVVs on underground forums
Fake shipping addresses or intermediaries receiving and forwarding products bought with stolen cards
Why Alonso Sala for SIM Swapping?
- securityBlockchain traceability experts for crypto tracing.
- securityPSD2 claim experience against banks: Santander, BBVA, CaixaBank.
- securityCivil lawsuits against carriers for negligent SIM duplicates.
- securityTechnical defense of 'mules' recruited through social engineering.
Cybercrime in Spain: Hacking, Phishing & Digital Fraud — Defence Guide
Cybercrime encompasses illegal access to computer systems (Art. 197 bis CP), computer damage and ransomware (Art. 264 CP), phishing and digital fraud (Art. 249.1.a CP), and the production or distribution of hacking tools (Art. 197 ter). Spain's prosecution of cybercrime has intensified dramatically, with specialised units in the National Police (BIT) and Guardia Civil (GDT) leading investigations. Defence requires a unique combination of criminal law expertise and advanced technical knowledge.
Penalty Table: Cybercrime
| Offence | Article | Description | Penalty |
|---|---|---|---|
| Illegal access to systems | Art. 197 bis | Unauthorised access breaching security measures | 6 months – 2 years |
| Interception of data | Art. 197 bis.2 | Intercepting non-public data transmissions | 3 months – 2 years |
| Production/supply of hacking tools | Art. 197 ter | Creating or distributing tools designed for cybercrime | 6 months – 2 years |
| Computer damage (basic) | Art. 264.1 | Deleting, damaging or making data inaccessible | 6 months – 3 years |
| Aggravated damage (critical infrastructure) | Art. 264.2 | Affecting essential services or critical infrastructure | 2 – 5 years prison |
| Cyber fraud (phishing) | Art. 249.1.a | IT manipulation to obtain unlawful transfer of assets | 6 months – 3 years |
Key Defence Strategies
IP Attribution Challenge
An IP address does not identify a person. Shared Wi-Fi networks, VPNs, Tor exit nodes and NAT configurations mean multiple users may share one IP. The prosecution must prove the accused was the actual user at the relevant time.
Chain of Digital Custody
Digital evidence is extremely fragile. If the police failed to image the hard drive with a write-blocker, if hash values don't match, or if evidence was handled improperly, the defence can seek exclusion of the entire digital evidence chain.
Authorised Security Testing
Ethical hacking and penetration testing carried out with the system owner's authorisation is legal. If the defendant had a written engagement contract, bug bounty agreement or responsible disclosure policy, there is no criminal offence.
Lack of 'Breaching Security Measures'
Art. 197 bis requires that security measures were breached. If the system had no password, no firewall, or the access point was public, the element of 'breaching security' may be absent, negating the offence.
Key Case Law
The Supreme Court confirmed that 'access' requires effectively entering the system, not merely attempting it. The prosecution must prove: (1) access occurred, (2) it was unauthorised, and (3) security measures were breached. Port scanning alone does not constitute the offence.
The Court ruled that ransomware attacks may constitute a concurrent offence of computer damage (Art. 264) and extortion (Art. 243 CP). The encryption of data satisfies the 'damage' element even if data is technically recoverable upon payment.
In phishing operations, the Court distinguished between the organiser and the 'money mule' (account holder). The mule's liability depends on proof of knowledge that the funds were illicit. Wilful blindness may suffice, but mere negligence does not.
SIM Swapping & Carding FAQs
What exactly is SIM Swapping?expand_more
Can I claim from the bank if my account is drained?expand_more
Is the phone carrier at fault?expand_more
What crimes are committed in SIM Swapping?expand_more
What is 'Carding'?expand_more
Can I be accused of SIM Swapping for receiving money?expand_more
How can I protect myself from SIM Swapping?expand_more
Are cryptocurrencies obtained through SIM Swapping traceable?expand_more
How long do these cases take to resolve?expand_more
What is the penalty for SIM Swapping?expand_more
Looking for a SIM Swapping Defense Lawyer in Spain?
As a national law firm, we offer specialized criminal defense in SIM Swapping, Carding, and banking card fraud. We act both as private prosecution for victims and in the defense of the accused, with technical rigor and forensic expertise from day one.
Do you need specialised legal assistance?
The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.