Why Barcelona is Spain’s stolen cellphone capital

Gangs rack up huge profits by using robbed SIM cards to call premium numbers abroad

A group of tourists poses for selfies on Las Ramblas in Barcelona.
A group of tourists poses for selfies on Las Ramblas in Barcelona.Juan Barbosa

During a break in Barcelona last year, Osian Rhys Edwards had his cellphone stolen. The 29-year-old Welsh elementary school teacher from Barmouth had thought he had lost it for good and canceled his phone service before returning from vacation in August 2014.

But upon arriving home, things got even worse: Vodafone sent him a bill telling him he owed around €20,000 for phone calls that were made using his number. Someone had been making multiple calls to premium-rate lines without his knowledge that same night his phone was taken.

In just a few hours, they had managed to rack up a bill equivalent to what Rhys Edwards makes in a year.

Someone had been making multiple calls to premium-rate numbers the night his phone was taken

The teacher, who shared his experience with The Guardian newspaper, is not the first British citizen to have his cellphone stolen in Barcelona by a gang of computer experts who use robbed SIM cards to turn an illegal profit.

Tourists – especially those who don’t immediately cancel their phone services after a theft – are the perfect targets. The phone itself is resold, and the SIM card provides criminals with the necessary means of making calls to premium-rate numbers outside the country that can generate a fortune.

The key factor is the time between the moment when a person realizes they have had their phone stolen and when they report it missing.

Within that period, the still-active phone line can be used to automatically call premium-rate numbers abroad that belong to members of the gang. In order to maximize their returns, the gangs favor phones provided by telecoms firms outside of Spain, and dial a variety of different numbers at the same time. In the end, it is almost like transferring money from a tourist’s personal bank account to a group of criminals.

The time between when a person realizes their phone is stolen and when they report it missing is key

US telecoms giant AT&T recently reported losses of up to €50 million from these schemes, though it was only able to justify €2 million of those. It also said around 3,000 customers had been affected by the fraud.

Fed up with the situation in Barcelona, AT&T contacted Europol, which began a joint investigation with Spain’s National Police in September 2013. Last summer, authorities were able to break up one major cellphone-scamming ring in the Catalan capital.

Barcelona, which for one week each year plays hosts to the Mobile World Congress – the most important annual cellphone industry conference – has become a major headache for telecoms firms the rest of the time.

According to figures given in the Catalan parliament by former regional interior chief Ramón Espadaler, 31,544 phones were reported stolen in the city in 2013 – an average of 87 per day.

The Mossos d’Esquadra Catalan police could not provide any updated figures when consulted by EL PAÍS, but a spokesman said the numbers had not changed much since then.

In 2013, 31,544 phones were reported stolen in the city – an average of 87 per day

But the problem is not just in Barcelona. According to the Spanish secretary of state for public security, 279,319 cellphones were reported stolen last year throughout Spain, which means that a cellphone was robbed every two minutes – a 19%-rise from the previous year. However, the number of false police reports filed by citizens to fraudulently collect on their insurance also needs to be taken into consideration.

Still, Barcelona remains the best place for these criminal gangs. “Without a doubt, it is the epicenter but that’s because it is a tourist hot spot,” explained a Vodafone spokesperson. “When something like this occurs, we are responsible for all the charges made after the client files a complaint. But those calls made before that are the customer’s responsibility.”

Nevertheless, Vodafone dropped its claim against Rhys Edwards after lawyers got involved in the case. Other telecoms firms also stopped pursuing customers for calls made after their phones were stolen following a media campaign launched by The Guardian.

More information

The gangs are well structured. They begin with the pickpockets on the street, and also include the city center bar owners who keep the stolen phones safe, the numerous cooperating calling centers and the cellphone repair shops whose job is to dismantle the phones and take out the SIM cards the following day.

Some telephones are simply unblocked in order to be resold. But others can be more valuable to criminals with their cards ending up in what is known as a SIM box, a device that can automatically make calls using various cards at the same time and thus generate money for the foreign premium-rate numbers.

This is where the police find their jobs difficult because most members of the organization operate outside of Spain.

During last summer’s Operation Phantom, Spanish police confiscated 83 cellphones, 81 SIM cards, six laptops, 18 pen drives, 16 credit cards and €6,200 in cash.

Pedro Morales, chief inspector in the squad’s Technological Crimes Unit, said at the center of the gang was a group of Pakistani nationals who used software available on the internet to make calls from stolen cards.

“We knew through phone taps and the antennae they used that they were working in the early hours,” he said. “When we went in we found them connected and racking up rates.”

Everyone agrees that it is difficult to trace where the stolen money ends up and whether terrorist organizations are using these schemes to finance their operations.

There were no clear signs of this in the Barcelona case, but investigators looking into the 2008 Mumbai terrorist attacks discovered that the perpetrators had used this method to help pay for the operation.

“I don’t know if this is the case [with the Barcelona organization] but there have been international arrests made of other criminals who used these methods and were found to have connections with terrorist organizations,” said Álvaro del Hoyo, an analyst with the cyber security management company S21sec.

English version by Martin Delfin.