An investigation by the Guardia di Finanza reveals a criminal organization active in five European countries. While cybercrime in Italy continues to grow relentlessly (€181 million stolen in 2024 alone), Confindustria Cuneo launches the Legal Check and reinforces a crucial theme: technology alone is not enough—people need to be educated.
The Romance Scam That Opened an International Case
It all begins with a report.
A victim comes to the Guardia di Finanza in Cuneo and describes falling for what investigators call a “romance scam“: an online romantic relationship that turned out to be an orchestrated scheme to steal money. It was not an isolated case. That single report opened a window onto a much larger and more structured criminal system, with ramifications in five European countries: Italy, Portugal, Lithuania, Northern Ireland, and Belgium.
The Economic and Financial Police Unit of Cuneo, coordinated by the local Public Prosecutor’s Office, conducted an investigation that concluded on February 26, 2026, establishing the responsibility of 23 individuals listed in the register of suspects. For one of them, the Preliminary Investigations Judge of the Court of Cuneo ordered pre-trial detention, deeming him responsible for fraud, self-laundering, and identity theft. Two other suspects were already detained for other illegal activities.
The group’s modus operandi was sophisticated and multi-phase.
The criminals created fake profiles on major social networks and dating apps, building credible digital identities through identity theft techniques and, in some cases, with the support of artificial intelligence for realistic photos, videos, and conversations. Once a relationship of trust was established (often romantic in nature, exploiting emotional vulnerabilities), the second phase kicked in: requests for money for alleged medical emergencies, family problems, or promised trips that never materialized.
In other cases, victims were lured by investment proposals in cryptocurrencies and digital wallets, presented as easy profit opportunities.
The collected funds were then systematically diverted to a network of bank accounts held by the suspects, or converted into cryptocurrencies to make tracing more difficult. Applying the “follow the money” principle, the Guardia di Finanza reconstructed transactions totaling approximately €900,000, establishing hypotheses of money laundering and self-laundering. The Preliminary Investigations Judge ordered the preventive seizure of 19 financial accounts deemed instrumental to the illegal activities. Investigations continue to reconstruct the entire network of financial flows and clarify roles and responsibilities within the organization.
Cybercrime in Italy: The Numbers of a Silent Emergency
The Cuneo case is not a peripheral story, but rather a reflection of a phenomenon that has reached the dimensions of a genuine national emergency. Data from the 2024 Report of the Postal Police and Cybersecurity paint a concerning picture: during the year, 18,714 cases of online fraud were handled, marking a 15% increase from 16,325 in 2023. But even more alarming is the growth in stolen amounts, which increased by 32%, jumping from €137 million to €181 million. Added to these figures are frauds, which reached €48 million, with a 20% increase.
On the infrastructure attack front, the National Cybercrime Center for Critical Infrastructure Protection (CNAIPIC) handled approximately 12,000 significant attacks in 2024, issuing over 59,000 alerts on IT systems of national interest. The preferred targets remain local public administrations—particularly municipalities and healthcare facilities—and companies providing essential services in the transportation, finance, healthcare, and telecommunications sectors. Ransomware and DDoS attacks remain the most widely used tools, with an increasingly marked presence of state-sponsored actors linked to international geopolitical contexts.
The local data should not be underestimated: in Piedmont and Valle d’Aosta, in 2024, reported online fraud and scams rose from 1,751 to 1,794 cases. Throughout Italy, in the same year, there were 1,500 cases of sextortion, with victims mostly adult males, and 264 cases of non-consensual sharing of intimate images.
The number of arrests increased by 33%, rising from 108 to 144, confirming a more effective investigative response.
Ivano Gabrielli, Director of the Postal Police and Cybersecurity Service, has defined online economic and financial crime as “the most significant area of action for complex, internationally distributed organizations.”
The Most Exposed Sectors: From Industry to Public Administration
Cyber threats do not strike uniformly. Manufacturing and industrial companies are among the most frequent targets of ransomware attacks, which block production systems and demand ransoms for data restoration. The financial and banking sector is systematically targeted with phishing, smishing, and Business Email Compromise (BEC) techniques, where criminals impersonate executives or suppliers to divert payments. Healthcare remains vulnerable due to the sensitivity of the data handled and often due to outdated IT systems.
SMEs, which represent the heart of the Italian productive fabric, are particularly exposed precisely because they rarely have dedicated cybersecurity resources and trained personnel to recognize threats.
A common characteristic of almost all successful attacks is the human factor: according to the most credible international estimates, over 90% of security breaches start with a human error or lapse—a click on a malicious link, a weak password, an email attachment opened without verifying its source.
This is the so-called “weakest link in the chain”: it doesn’t matter how robust the technical firewall is if someone inside the organization doesn’t know how to recognize a threat.
Legal Check: Confindustria Cuneo’s Response to Businesses
In this scenario, a concrete response on the prevention front also comes from Cuneo. On February 23, 2026, three days before the conclusion of the Guardia di Finanza operation, Confindustria Cuneo presented a new operational tool for member companies in the Sala Ferrero: the “Legal Check.”
The initiative was presented during the conference “Reading Risk, Understanding Rules” and was developed with the contribution of the Chamber of Commerce of Cuneo.
The Legal Check is a free self-assessment questionnaire that allows companies to measure their level of exposure to regulatory risks. The tool is divided into four independent and complementary modules: administrative liability of entities (Legislative Decree 231/2001), privacy (GDPR), cybersecurity (with reference to the NIS2 directive), and adequacy of organizational structures with a focus on business crisis indicators.
Each module allows for targeted and modular analysis, designed especially for SMEs that often lack internal resources to navigate regulatory complexity.
The message that emerged strongly from the conference is that compliance should no longer be experienced as a bureaucratic requirement imposed from outside, but as a strategic lever for competitiveness.
The Human Factor: The Weak Link That No Firewall Can Replace
The Cuneo operation on the romance scam network clearly demonstrates how the primary attack vector was not a technical exploit on a corporate server, but the psychological manipulation of real people. Social engineering—the art of deceiving human beings to obtain information or money—is today the most pervasive threat and the most difficult to counter with purely technological tools. Phishing, spear phishing, vishing (via phone), smishing (via SMS), and the more elaborate romance scams or BEC (Business Email Compromise) all share the same characteristic: they aim to deceive a person, not to breach a computer system.
For this reason, experts agree in identifying continuous training as the most effective security measure with the best cost-benefit ratio. Training employees means teaching them to recognize red flags: an email with a sender slightly different from usual, an urgent request for a wire transfer from an “executive,” a private message from a stranger who is strangely attentive. It means creating a culture where reporting a phishing attempt is not perceived as a sign of incompetence, but as a positive contribution to collective security. It means, ultimately, transforming every person in the organization from a potential point of vulnerability to a first line of defense.
Attack simulations (phishing), periodic training, social engineering tests, and awareness programs are proven tools that the most advanced companies use systematically.
It’s not about replacing technical solutions—antivirus, EDR, firewalls, multi-factor authentication systems remain essential—but about complementing them with people’s awareness.
A state-of-the-art IT system without trained personnel is like a cutting-edge safe with the combination written on a sticky note attached to the door.
Conclusions
The real challenge, therefore, remains cultural. As the Cuneo operation demonstrated, cybercrime has no geographical boundaries, respects no sectors, and does not stop based on the size of the company or person targeted. Anyone can be a victim, at any time, through a private message on a dating app, a seemingly innocent email, or a cryptocurrency investment promising impossible returns.
The most effective, and most democratic, response is knowledge. Knowing how these mechanisms work, recognizing manipulation techniques, trusting institutions, and reporting are behaviors that can be learned.
And they can make the difference between remaining a victim and becoming the protagonist of your own digital security.
