Cybercrime: Getting Mugged Online

The "online street” is a somewhat unfortunate term, but it has already become established in our country. It originated in Argentine political jargon: mastering networks, imposing agendas, pushing slogans until they feel like the weather. The problem is that, by extension, it describes a harsher truth: the digital realm operates as another living space, but without territory. They call it cyberspace in the manuals; for the average user, it’s an endless hallway with thousands of doors that open at any hour.

In the real street, safety is built through physical presence and routine: patrols, lighting, CCTV, the same people watching. Online, that works differently. No one is “watching” you while you scroll. There’s no corner, no siren nearby, no panic button that can help. If you get robbed, scammed, or encounter an old groomer, the State is likely to show up late and stumbling, once the incident has already occurred and the urgent task is to piece it back together.

Thus, slowly, the screen became just another sidewalk. Everything happens through a small, personal, and intimate device. The attacker doesn’t need to be close, just to refine their skills and persist.

While traces are left everywhere, since almost everything leaves a record, almost nothing arrives organized for reporting. Therefore, seeking justice, when Justice itself is confused by post-truth, is complicated. An account in one country, a server in another, the victim here.

The internet records a lot because it’s made up of logs, metadata, backups, captures, and histories. The problem is turning that mud into evidence: chain of custody, authenticity, integrity, attribution. Digital evidence breaks easily due to a capture without context, a link that expires, a piece of data that depends on a private platform, an analysis that takes months, a jurisdiction that doesn’t reach. And now another noise is added: AI has made forgery cheaper and certainty more expensive. If the origin is disputed, the investigation slows down. If the veracity is questioned, the case cools off, and everything gradually fades into oblivion.

On that edge works the Specialized Prosecutor's Unit for Cybercrime Investigation of the Judicial Department of San Isidro, within the Public Prosecutor's Office. The man behind (or in front of) it is Alejandro Musso, a cybercrime prosecutor. His name has appeared in joint operations with organizations like the FBI, INTERPOL, and Europol. He often emphasizes a key point: in the internet, there is no “patrolling,” like in a neighborhood; intervention occurs, in any case, over patterns and signals.

“Cyberspace is not a physical territory, but it is a space where people live, work, shop, get informed, and interact. And where there is human activity, there is crime.” This phrase maps out the landscape: if life has moved to the screen, so has crime. The point is not to compare the web to a plaza; the point is to acknowledge that there are already victims, damages, and scenes, even if the scene is a chat and the weapon is a link. “On the street, safety is built with patrol cars, police presence, and physical prevention, but here it’s a different ecosystem; in the digital world, the logic is different: you don’t patrol a territory, you patrol behaviors,” he explains.

This is the turning point. “Behaviors” would be indicators: attack patterns, organized campaigns, infrastructure used, coordinated accounts, signs of intrusion. Patrolling becomes a matter of reading and correlating data. Less whistle blowing and more traces. “This implies: monitoring, early detection, traffic analysis, investigation in the dark web, international cooperation,” details the cyber prosecutor.

The U.F.E.I.C. of San Isidro is an unusual prosecutor's office. Upon entering, a plastic sculpture made of ethernet/LAN cables stands in front of a mural featuring a poem by Ximena Schmoll.

“Digital society has immersed us in a

parallel reality, the dimension of

time and space has broken. We are online.

Different spaces overlap in the

same time. Many realities are

simultaneously presented to

the same person, realities that

throw us into an absent environment.”

There are no papers anywhere. No stacked files, no ringed folders, no binders. Not a trace typical of any unit of the judicial power. 

Part of that elite of cyber investigators working there is Diego Lugo: a police officer trained in criminalistics, and for years the go-to guy when any case began to relate to telecommunications (first calls, then SMS or GSM communications, and later the new technologies of instant messaging). He points out: “I worked since 2007 in the Departmental Directorate of Investigations of San Isidro. From the beginning, I was linked to complex crimes in the DDI. My profile was mostly technological, as a communications analyst, always from the perspective of studying organized crime.”

In the following years, he focused on investigating complex thefts and homicides. It was around 2014 that he worked on his first case side by side with Alejandro Musso. A very well-organized gang, specialized in phone scams. “The Llorona gang,” Lugo clarifies; “They were people who called and said they had kidnapped a relative. In the background, you could hear ‘mom, mom’, screams, desperation, and crying. It was an organization dedicated to this type of virtual extortion through phone calls.” The scheme started with an emotionally violent call: the “llorona” instilled panic, urgency, and cognitive disarray. With the victim destabilized, the operational part kicked in: they prevented the person from “thinking for two minutes,” pushed them not to hang up, and led them to provide information (names, relationships, routines). With that, the negotiation group closed the narrative of the “kidnapped relative” and rushed the payment. They made 4,000 extortion calls a month. Probably, if they didn’t call you, they surely called someone close.

They weren't cybercrimes, but rather their primary form, a kind of virtual kidnapping done over the phone. But Musso, Lugo, and their team managed to turn the tables.

To ensure that no reader of 421.net falls for the bait and gets caught in the wild online streets, we asked Lugo what the most common forms of digital pickpocketing are. As a starting point, the police officer, lawyer, and criminologist proposes an operational classification: two main categories that then branch out into a thousand variations.

The first group consists of crimes committed through social engineering: a crime involving conversation, deception, impersonation, and psychological pressure. The second is more complex from a technological standpoint, as it involves technical attacks: malware, remote access, ransomware, operations that require more preparation, and a corporate focus.

Social engineering includes the classics: phishing, website impersonation, fake profiles, phone calls, and two contemporary “stars” that dominate the scene. One is the investment scam driven by social media and increasingly by AI: fake ads, false testimonials, promises of returns, 24/7 bots that assist you, and a narrative of a unique opportunity that rushes you into transferring funds. The other is the romance scam: the criminal builds an emotional connection with a fake profile (sometimes over weeks), establishes trust, shifts the conversation to a “private” channel, and when they have you hooked, urgency appears: a medical emergency, a ticket, a debt, a “sure thing” business to get ahead. The hook is emotional, the outcome is financial, and the subsequent shame of the victim acts as a silent accomplice.

“Phishing is a very common classic: identity theft to lead you into a mistake. They clone a page, capture your user credentials, then ask for the second factor and that's where they take everything. Today, the star is investment fraud, with fake videos created using artificial intelligence.”

The most repeated case is summed up on the street with a phrase: “they hacked my WhatsApp.” Lugo translates it into procedure: SIM swapping, line theft, account takeover, quick cashing. First, they create a spreadsheet with your data (from a leak, social networks, open sources, the usual). Then they buy a cheap SIM card, call the phone company, and pretend to be you. They answer validation questions like someone jumping a turnstile, activate the line in their “operational name,” and your number migrates. With that control, they try to register WhatsApp: you receive a code, and that's where the human part of the crime comes in, the request with deception. Once inside, they take inventory of contacts and move on to the final step, the painful one: chain messages, requests for transfers, collections before anyone can understand what happened. It's a robbery without weapons, but with a coldly calculated script.

The scam works because it uses a chain of social trust and a soft link: the rushed user who hands over a code as if they were dictating their ID number at a guard post. A minimal action, a huge damage.

The rest of the catalog of cyber thefts that Lugo describes has one thing in common: scale. Even when the hit starts small, the goal is to multiply.

• Card fraud: data sold on Telegram or forums, purchases, resales, disputes, chargebacks.
• 50% Payments: the criminal poses as a “manager” to pay you a real debt (credit card, loan, service), pays it with someone else's card or stolen data, shows you the receipt to make it all seem legal, charges you in cash half or a percentage, and when the true owner disputes the charge and the chargeback comes in, the fraudulent operation collapses, but the scammer has already pocketed the money.
• Paper Company: they set up a company with a neat facade and a believable “life” (tax ID, transactions, networks, some storefront or address), fill it with payment terminals and collection points, generate fake sales as if they were selling a lot, quickly withdraw the cash, and bet on the typical window of 30 to 60 days until complaints, chargebacks, and alerts start coming in, at which point the structure collapses and they are already far away, with the funds laundered through bridge accounts.
• Corporate banking malware: they install spy software on a company terminal via an email or a fake file, leave it idle for a while to avoid detection. They watch how the money moves (who authorizes, which banks are used, what times, what amounts pass without alarm). When they have the complete map, they enter the corporate online banking and drain the account in a flurry of transfers to “mule accounts” (people or accounts borrowed to receive and bounce the money before the bank or the victim reacts).
• Ransomware: a link falls into the hands of an employee who is slacking off. They encrypt all their information. Then the extortion follows, demanding payment in crypto and threatening to publish data. Checkmate. “There is a lot of underreporting for this type of crime due to lack of reporting,” Lugo explains.

In all cases, the same pattern emerges: the crime dresses up as a business.

Marketing, funnels, support, infrastructure rotation, outsourcing. And, on the other side, the State working with bureaucratic timelines in a hyper-fast world.

All of this tells us that the solution is singular: since no one is looking out for you on the internet, the only option left is to avoid being naive and know how you can get caught. Don't let them clean out your account or your aunt's, so send her this note from 421.