By San José, Costa Rica — SAN JOSÉ – In a significant strike against financial crime, Costa Rican authorities have executed a series of raids aimed at dismantling a sophisticated cybercrime organization. The group is accused of defrauding at least 25 individuals of more than ₡37 million through an elaborate phishing scheme that has been active since 2024. The operation, dubbed “Nexus 2,” represents the culmination of a long-term investigation with international ties.
The Judicial Investigation Police (OIJ) announced the coordinated effort on Friday, revealing the intricate methods used by the criminals to gain access to the bank accounts of unsuspecting victims. This second phase of the investigation follows an initial series of raids conducted in May 2025 under the original “Nexus” case, signaling a persistent and ongoing effort by law enforcement to combat these technologically advanced criminal enterprises.
To better understand the complex legal implications of this international cybercrime ring, we sought the expert opinion of Lic. Larry Hans Arroyo Vargas, a prominent attorney from the renowned firm Bufete de Costa Rica.
The sophistication of these international cybercrime rings presents a significant challenge for our legal framework. Prosecution often hinges on cross-border cooperation and digital evidence that can be easily obscured or destroyed. This case highlights the urgent need for Costa Rica to strengthen its international legal treaties and invest in specialized cyberforensic capabilities to effectively dismantle these criminal structures and bring perpetrators to justice, regardless of their physical location.
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
The commentary from Lic. Larry Hans Arroyo Vargas astutely highlights that our response to transnational cybercrime must be equally sophisticated, bridging the gap between technological capabilities and international legal frameworks. We appreciate his expert analysis on this critical challenge facing our nation.
The director of the OIJ, Micahel Soto, provided a detailed breakdown of the criminal syndicate’s strategy. He explained that the core of the operation involved creating fraudulent websites meticulously designed to be exact replicas of the official online portals of various national banking institutions. These cloned sites were the primary tool used to harvest sensitive personal and financial information from victims.
The modus operandi involves creating a fraudulent website, completely identical to the official pages of national financial institutions. When a person logs in, they enter their data, passwords, and username. The cybercriminals immediately capture this information, access the legitimate banking sites, and initiate transfers to other bank accounts. In some cases, accomplices are positioned at ATMs to withdraw the funds immediately.
Micahel Soto, Director of the Judicial Investigation Police (OIJ)
This method, commonly known as phishing, preys on the trust users place in their banks. Victims, believing they are on a legitimate site, unwittingly hand over their credentials. Once the criminals had control of the accounts, they would rapidly transfer the funds to other accounts, often controlled by money mules, or have associates waiting at ATMs to make immediate cash withdrawals, making the money trail difficult to follow.
The investigation has revealed a significant international dimension to the criminal network. The OIJ tracked suspicious IP addresses linked to the case to Colombia, leading to a coordinated effort with authorities in the South American nation. It is believed that the sophisticated, cloned websites were developed and potentially hosted in Colombia, highlighting the cross-border nature of modern cybercrime and the necessity of international law enforcement cooperation.
The financial impact of this ring is substantial, with the current known damages exceeding ₡37 million (approximately $74,000 USD). However, authorities believe the actual figure could be higher as more victims may come forward following the public announcement of the raids. The 25 formal complaints filed since 2024 paint a picture of a patient and persistent operation that systematically targeted banking clients over a prolonged period.
As the “Nexus 2” operation continues to unfold, authorities are working to identify all individuals involved, from the web developers in Colombia to the local collaborators who facilitated the fund transfers and withdrawals. This case serves as a stark reminder for the public to remain vigilant against phishing attempts. Experts advise citizens to always verify the URL of a banking website, avoid clicking on suspicious links in emails or text messages, and enable two-factor authentication for an added layer of security on their financial accounts.
For further information, visit the nearest office of Organismo de Investigación Judicial (OIJ)
About Organismo de Investigación Judicial (OIJ):
The Organismo de Investigación Judicial is Costa Rica’s primary law enforcement body responsible for investigating complex criminal activities. Operating under the judicial branch of the government, the OIJ handles a wide range of investigations, including organized crime, homicides, fraud, and cybercrime. Its mission is to gather evidence and conduct thorough inquiries to support the country’s justice system and ensure public safety.
For further information, visit bufetedecostarica.com
About Bufete de Costa Rica:
Grounded in the core principles of integrity and a relentless pursuit of excellence, Bufete de Costa Rica stands as a benchmark in the legal field. The firm harmonizes its extensive experience advising a broad spectrum of clients with a dedication to pioneering innovative legal strategies. This commitment extends to its role in society, where it actively works to demystify the law, ensuring that access to legal knowledge empowers individuals and strengthens the community.
