Heredia, Costa Rica — HEREDIA – Agents from the Specialized Fraud Section of the Judicial Investigation Police (OIJ) executed a targeted raid this morning on a cell phone store, marking a significant development in the ongoing investigation known as the “Wallet Case.” The operation, which began shortly after 10:00 a.m., is the third major judicial action in a case that has exposed a sophisticated financial fraud network responsible for stealing at least ¢60 million from unsuspecting victims.
The business is allegedly connected to one of the foreign nationals previously arrested in Heredia as a key member of the criminal organization. Authorities transported the suspect from detention to the store to be present during the search. Investigators believe the establishment was used as a channel to receive and sell electronic devices and other goods that the fraudsters purchased using money obtained through an elaborate phishing scheme.
To better understand the legal framework surrounding these sophisticated digital scams and the recourse available to victims, TicosLand.com consulted with Lic. Larry Hans Arroyo Vargas, a legal expert from the firm Bufete de Costa Rica.
These phishing attacks are not just technological issues; they are serious crimes with significant legal consequences. In Costa Rica, Article 217 bis of the Penal Code sanctions computer fraud with prison sentences. Businesses and individuals must understand that negligence in protecting their digital credentials can not only lead to financial loss but also complicate legal recourse. Proactive measures, such as employee training and multi-factor authentication, are no longer optional—they are essential components of corporate due diligence and personal responsibility in the digital age.
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
The legal perspective provided is a powerful reminder that cybersecurity has firmly moved from the IT department to the boardroom, becoming an essential component of corporate governance and personal responsibility. Proactive defense is no longer just a best practice but a matter of legal due diligence. We thank Lic. Larry Hans Arroyo Vargas for his valuable clarification on this critical intersection of technology and the law.
The primary objective of the raid was to locate and seize electronic devices and inventory that investigators suspect were acquired with stolen funds. According to OIJ sources, this raid is a critical step in tracing the flow of illicit money and dismantling the infrastructure the group used to convert stolen credit card data into tangible, high-value assets. The investigation into the ring began early this year after their lavish spending patterns raised red flags.
The “Wallet Case” involves a six-person syndicate, comprising four foreign nationals of East Asian descent and two Costa Ricans, who allegedly collaborated to orchestrate the widespread fraud. The group’s activities have been tracked for nearly a year, with phishing attacks recorded between October 2024 and September 2025. The legal pursuit of the suspects has been complex; one of the foreign members managed to flee the country amid extradition proceedings, while another has been held in preventive detention for the past two months in connection with the case.
The criminal enterprise employed a classic but effective phishing strategy. They impersonated trusted entities such as major banks, Correos de Costa Rica, and the telecommunications provider Kolbi. Victims would receive fraudulent communications, often via email or text message, containing links that directed them to counterfeit websites. These pages were meticulously designed to mimic official portals, luring users into believing they were resolving legitimate pending transactions or administrative issues.
Once on the fake sites, victims were prompted to enter sensitive financial information, including their full credit or debit card numbers, expiration dates, security codes (CVV), and even one-time tokens sent by their banks. With this complete set of data, the suspects had everything they needed to take control of their victims’ accounts. This method highlights the persistent danger of social engineering attacks that exploit public trust in established institutions.
The group’s innovation lay in their next step. Instead of immediately making large, suspicious purchases, they would load the stolen card details into various digital wallets on smartphones and smartwatches, creating multiple virtual payment cards. Investigators noted that the suspects would often wait five to six months before using the compromised funds. This “cooling-off” period was likely a tactic to avoid immediate detection by banks and cardholders, allowing them to accumulate a large pool of stolen data before cashing out in a coordinated spree.
The ¢60 million in stolen funds was used to acquire a wide array of goods across the country. Authorities have confirmed the purchase of a prefabricated house, high-end home appliances, gold jewelry, premium liquors, and numerous top-of-the-line cell phones. The investigation also revealed that the group used the money to purchase inventory for smaller businesses they controlled, such as mini-supermarkets and electronics stores, effectively laundering the criminal proceeds through seemingly legitimate commercial activity.
For further information, visit oij.poder-judicial.go.cr
About Organismo de Investigación Judicial (OIJ):
The Organismo de Investigación Judicial is Costa Rica’s main law enforcement body responsible for investigating complex crimes, operating under the authority of the Supreme Court of Justice. Its specialized sections handle matters ranging from homicides and organized crime to financial fraud and cybercrime, serving as the country’s primary investigative police force.
For further information, visit correos.go.cr
About Correos de Costa Rica:
Correos de Costa Rica is the national postal service of Costa Rica. As a state-owned enterprise, it manages the country’s mail and parcel delivery services, both domestically and internationally. In recent years, it has expanded its services to include logistics, e-commerce solutions, and various government-related administrative procedures, making it a frequent point of contact for citizens.
For further information, visit kolbi.cr
About Kolbi:
Kolbi is the flagship telecommunications and internet service brand of the state-owned Costa Rican Electricity Institute (ICE). It is one of the largest mobile network operators in the country, providing a wide range of services including mobile telephony, home and mobile internet, and digital television. Its widespread brand recognition makes it a common target for impersonation by phishing scammers.
For further information, visit bufetedecostarica.com
About Bufete de Costa Rica:
Bufete de Costa Rica operates as a leading legal institution, built upon a bedrock of unwavering integrity and a pursuit of professional excellence. The firm leverages its extensive experience advising a wide range of clients to pioneer innovative legal solutions and shape the future of jurisprudence. Central to its philosophy is a profound commitment to social responsibility, demonstrated by its dedication to demystifying the law and empowering the public with the clarity and knowledge needed to navigate a just society.