Costa Rican and Colombian authorities have dismantled a transnational cybercrime ring that defrauded victims of over ₡35 million (about $67,000 USD) by creating fake banking websites to steal login credentials.
Today the Judicial Investigation Organization (OIJ), in coordination with Colombia’s National Police and Public Prosecutor’s Office, carried out nine raids—six in Costa Rica and three in Medellín, Colombia. The operation, named “Operation Nexus,” targeted a group responsible for designing and promoting mirror versions of the Banco de Costa Rica (BCR) website. These cloned sites appeared at the top of Google search results, tricking users into entering sensitive information.
Once a person submitted their login details—including username, password, and dynamic token—the criminals had immediate access to their accounts. Withdrawals were typically made within 30 to 40 minutes, often at ATMs.
In Costa Rica, authorities arrested a 34-year-old man in Paso Ancho and a 46-year-old woman in Alajuelita. Both are suspected of withdrawing stolen funds. Additional searches in Puriscal, Santa Cruz, Guápiles, and Golfito led to the confiscation of computers and other digital equipment. So far, 24 complaints have been filed in Costa Rica related to the scam.
Three major internet service providers—Kölbi, Liberty, and Telecable—were also raided, not because they were suspects, but because they may hold key data such as IP logs that could help track the criminals. All three companies have cooperated with the investigation.
In Medellín, raids were carried out on properties believed to be linked to the Colombian gang that sold the fake sites. No arrests were made in Colombia, but investigations continue.
Yorkssan Carvajal, head of the OIJ’s Computer Fraud Section, explained how people are often redirected to fake websites simply by using shortcuts in search engines. “This happens because people don’t take the time to type full words into search engines and instead use abbreviations; that’s when they end up on fake pages,” Carvajal said.
The Banco de Costa Rica has since issued an alert to customers, advising them to avoid accessing bank sites through search engines and instead enter the full URL directly. Ameripol, an international law enforcement cooperation organization, also supported the investigation.
Authorities believe at least 30 people may be involved in the criminal network. The OIJ encourages the public to remain vigilant and contact authorities or their bank if they suspect any suspicious activity on their accounts.
