Digital banking fraud across Latin America has seen a measurable increase, currently outpacing other global regions. This trend is primarily driven by elevated rates of social engineering, unauthorized account access, and mobile-focused security incidents.
According to a 2025 report published by fraud and financial-crime prevention firm BioCatch, social engineering attempts increased by 155% in the region. The data also indicates sharp climbs in malware, remote-access fraud, and unauthorized access stemming from stolen devices. These metrics indicate a structural shift in methodologies, where threat actors increasingly chain techniques together, moving from voice-based scams to account takeover (ATO), and ultimately to unauthorized financial transfers.
Josué Martínez, senior director of global advisory for Latin America at BioCatch, notes that gaining physical or remote access to a device enables unauthorized parties to initiate a sequence of actions resulting in misdirected funds.
"We are seeing continuous evolution in attackers' methods, with tactics that increasingly target and undermine authentication layers rather than individual transactions," Martínez says. "As a result, traditional controls are often insufficient on their own."
Organizations in Latin America currently experience approximately 50% more security incidents than the global average. Over the past year, specific threat groups—including Vixen Panda, Aquatic Panda, and Liminal Panda. Have focused on government agencies, telecom providers, and military entities in the region. Concurrently, Brazilian threat actors recently deployed a banking Trojan designed to automatically collect banking credentials from consumers.
The impact of these trends varies by country. Mexico observed a 300% increase in account takeover attempts, while Colombia experienced broader increases across phishing, SIM swapping, and malware. Conversely, Argentina recorded a decline in mule account activity following the implementation of a real-time fraud intelligence-sharing network, demonstrating how coordinated defensive measures effectively shift outcomes and reduce risk.
Fraud driven by a mobile-first economy
Part of the challenge for financial institutions involves regional liability frameworks. When governments do not consistently hold banks liable for fraud losses, institutions may face less immediate financial incentive to prioritize preventative cybersecurity controls.
"In many countries, scam-related losses are not consistently reimbursed by financial institutions, which reduces the immediate financial incentive to invest aggressively in preventative controls focused on social engineering," Martínez says. "At the same time, rapid digital adoption — often driven by mobile-first users and real-time payments, has expanded the number of less-experienced digital consumers, creating a larger and more attractive pool of potential victims."
Account-takeover incidents are increasing, with Mexican banks seeing a fourfold increase in 2025, and the broader region encountering 1.6 times more incidents. Mobile devices are the primary focus because controlling the device often allows a threat actor to bypass second-factor authentication and proceed with an ATO.
"The majority of users rely on Android devices, [and] the widespread availability of remote-access tools for this operating system drives a higher incidence of these scams, which are frequently used in multiple ways to defraud users," Martínez adds.
Late last year, Chinese-speaking threat actors focused on the region with a banking bot dubbed ToxicPanda, which attempted to compromise accounts at 16 different financial institutions. In March, an Android-based banking Trojan targeted Brazil's Pix mobile payment network, deceiving users into installing software that remained dormant on the device until it could intercept and redirect payments.
Regional variations in fraud patterns
While each country in Latin America manages a distinct threat profile, the focus on mobile environments extends across the region. BioCatch reports a 340% year-over-year increase in stolen devices in Brazil. Colombia sees smaller increases in device theft but faces elevated rates of SIM swapping and mobile malware. Additionally, the deployment of remote access Trojans (RATs) targeting mobile devices rose during the latter half of 2025.
Argentina's reduction in money-mule accounts in late 2025 stands out as a positive departure from regional averages. However, when organizations effectively mitigate a specific methodology, unauthorized parties adapt quickly.
"Once banks in a given country have effectively solved for a particular MO, fraudsters will either change MOs or shift their focus to a different geography," Martínez says.
To stay ahead of these shifts, organizations must move beyond static defenses and prioritize collaboration. Technical controls work best when paired with broader context.
"Technical controls must be complemented by additional capabilities that provide broader context, such as consortium-based intelligence that helps assess the risk reputation of the target account," Martínez says. "This layered approach allows institutions to move beyond isolated signals and develop a more accurate understanding of intent and exposure."
(Original reporting by Robert Lemos, contributing writer and veteran technology journalist.)