Spanish payment providers reported €153,027,315 in fraudulent credit transfers in 2024, across 86,382 transactions, in the EU's supervisory data. Card fraud was a comparable €141 million — but spread across vastly more transactions, at much smaller values. Transfers are where the large single losses happen.
Spain's crime statistics cannot take you further than that. The Ministerio del Interior recorded 429,677 "fraude informático" offences in 2025, nearly 90% of all recorded cybercrime — but it does not break out CEO fraud, BEC, invoice fraud, or supplier impersonation as distinct categories at all. No Spanish official source publishes a euro figure for invoice fraud. Anyone who quotes you one is not quoting an official statistic.
The closest official signal comes from INCIBE, Spain's national cybersecurity institute, which handled 45,445 online-fraud incidents in 2025, up 19%. Of the consultations it received specifically from businesses, 18% concerned impersonation and 9% concerned fraude del CEO — a meaningful share, though INCIBE publishes no loss figure attached to them.
The Banco de España's complaints data shows where the system's attention actually sits: fraud made up 14% of complaint subject matter in 2024, in a record year of 56,099 complaints — but 98% of those complaints came from consumers. The bank-liability criteria Spanish regulators publish are built almost entirely on consumer disputes, not business ones.