Mobile Mayhem: How Fraudsters Hijacked Latin America’s Digital Revolution

On a sweltering afternoon in Mexico City, Ana checked her banking app and gasped - her savings had vanished. She wasn’t alone. Across Latin America, a new breed of cybercriminal is exploiting the region’s rapid shift to mobile banking, triggering a fraud crisis that’s leaving victims - and banks - scrambling for answers.

Inside the Mobile Fraud Epidemic

The digital banking boom in Latin America has turned millions into first-time app users, but it’s also created a perfect storm for cybercriminals. According to a BioCatch report, fraud rates in the region have soared past global averages, fueled by a sharp uptick in mobile-based attacks. Social engineering schemes - where scammers trick victims into handing over sensitive information - have more than doubled, while malware and account takeover operations are evolving at breakneck speed.

“Attackers are chaining together multiple tactics, starting with a simple phone call and ending with a full account takeover and fraudulent transfer,” explains Josué Martínez, BioCatch’s regional advisory director. The attackers’ new playbook often starts with gaining access to a mobile device - either through remote-access malware or outright theft. Once inside, they can bypass traditional security checks, using the device as a trusted “second factor” to authorize transfers and drain accounts.

This trend is particularly acute in countries like Mexico and Brazil, where mobile-first adoption is highest. In Mexico, account takeovers quadrupled in 2025. Brazil saw stolen-device incidents skyrocket by 340%. Colombia, meanwhile, is battling a surge in SIM swapping, phishing, and mobile malware. The common denominator? A reliance on Android devices and an influx of inexperienced digital users, making for a lucrative target pool.

Adding fuel to the fire, banks in much of Latin America are not always liable for customer losses. “Without a legal requirement to reimburse scam victims, there’s little financial incentive for banks to invest in the latest fraud prevention,” says Martínez. That leaves consumers exposed, especially as threat actors - ranging from local fraud rings to Chinese cyber groups - deploy increasingly sophisticated tools like banking Trojans and remote-access kits.

Yet, there are signs of hope. Argentina’s adoption of a real-time fraud intelligence-sharing network helped slash mule account activity, showing that coordinated, layered defenses can move the needle. Experts argue that Latin America’s banks must abandon static, siloed defenses and embrace consortium-based intelligence and context-driven risk analysis to keep pace with ever-shifting criminal tactics.

Looking Forward

As Latin America’s digital revolution accelerates, so too does the arms race between fraudsters and defenders. The region’s future may hinge on whether banks, governments, and consumers can work together to outwit the cybercriminals exploiting its mobile-first economy.

WIKICROOK

• Social Engineering: Social engineering is the use of deception by hackers to trick people into revealing confidential information or providing unauthorized system access.
• Account Takeover (ATO): Account Takeover (ATO) occurs when a cybercriminal gains control of a real user's account by stealing their login credentials, often for malicious purposes.
• Remote Access Trojan (RAT): A Remote Access Trojan (RAT) is malware that lets attackers secretly control a victim’s computer from anywhere, enabling theft and spying.
• SIM Swapping: SIM Swapping is a scam where criminals trick phone companies into transferring your number to their device, letting them access your calls and texts.
• Money Mule: A money mule is a person or account used to transfer or launder stolen money, often recruited unknowingly to help cybercriminals hide illegal funds.