Fraud across Latin America's digital banking sector has accelerated, outpacing other global regions and driven by a surge in social engineering, account takeovers, and mobile-based attacks. Social engineering scams jumped 155% in 2025, while malware, remote-access fraud, and stolen-device incidents all climbed sharply across the region, according to a report published by **BioCatch**, a fraud and financial-crime prevention firm. The surge in attacks highlights a structural shift in the way attackers are operating in the region, chaining together techniques to move from voice scams to account takeover to, ultimately, fraudulent transfers. Gaining access to a device — whether through remote takeover or device theft — allows fraudsters to kick off an attack chain that leads to stolen funds, says Josué Martínez, senior director of global advisory for Latin America at **BioCatch**. "We are seeing continuous evolution in attackers' methods, with tactics that increasingly target and undermine authentication layers rather than individual transactions," he says. "As a result, traditional controls are often insufficient on their own." [Related:](https://www.darkreading.com/cyberattacks-data-breaches/bank-trojan-casbaneiro-worms-latin-america) [Bank Trojan 'Casbaneiro' Worms Through Latin America](https://www.darkreading.com/cyberattacks-data-breaches/bank-trojan-casbaneiro-worms-latin-america) Latin America has become an increasingly popular target of cyberattackers, with organizations in the region currently seeing [about 50% more attacks](https://www.darkreading.com/cyber-risk/cyberattacks-latin-american-governments) than the average global organization. Over the past year, Chinese groups — such as Vixen Panda, Aquatic Panda, and Liminal Panda — have targeted government agencies, telecom providers, and military entities in Latin America. Meanwhile, Brazilian threat actors recently used [a banking Trojan that spread automatically](https://www.darkreading.com/cyberattacks-data-breaches/bank-trojan-casbaneiro-worms-latin-america) to collect banking credentials from unwitting consumers. The impact of fraud is uneven across the region. Mexico saw account takeover attempts surge more than 300%, while Colombia experienced broad increases across phishing, SIM swapping, and malware. In contrast, Argentina recorded a decline in mule activity after launching a real-time fraud intelligence-sharing network, highlighting how coordinated defenses can shift outcomes. ## Fraud Driven by a Mobile-First Economy Part of the problem for financial institutions in the region is that governments do not necessarily hold banks liable for losses to fraud, which means the institutions may not have an incentive to invest in cybersecurity, Martínez says. "In many countries, scam-related losses are not consistently reimbursed by financial institutions, which reduces the immediate financial incentive to invest aggressively in preventative controls focused on social engineering," he says. "At the same time, rapid digital adoption — often driven by mobile-first users and real-time payments — has expanded the number of less-experienced digital consumers, creating a larger and more attractive pool of potential victims." [Related:](https://www.darkreading.com/cyberattacks-data-breaches/chinese-police-chatgpt-smear-japan-pm-takaichi) [Chinese Police Use ChatGPT to Smear Japan PM Takaichi](https://www.darkreading.com/cyberattacks-data-breaches/chinese-police-chatgpt-smear-japan-pm-takaichi)  Account-takeover scams are on the rise as well, with banks in Mexico seeing a quadrupling of attacks in 2025, and the region as a whole encountering 1.6 times more attacks, the report stated. Attackers target mobile devices because, if they can control the device, they can use it as a second factor and pursue account takeover (ATO) attacks, Martínez notes. "The majority of users rely on Android devices, [and] the widespread availability of remote-access tools for this operating system drives a higher incidence of these scams, which are frequently used in multiple ways to defraud users," he says. Late last year, Chinese-speaking attackers targeted the region with a banking bot dubbed ToxicPanda, which [actively targeted the customers at 16 different financial institutions](https://www.darkreading.com/application-security/android-botnet-toxicpanda-bashes-banks-europe-latin-america). In March, an Android-base banking Trojan targeted a Brazilian mobile payments solution, **Pix**, [fooling users into installing the program](https://www.darkreading.com/application-security/real-time-banking-trojan-strikes-brazils-pix-users), which then stayed on the device until it could divert payments. ## Different Latin American Regions, Different Fraud [Related:](https://www.darkreading.com/cyberattacks-data-breaches/singapore-major-telcos-fend-chinese-hackers) [Singapore & Its 4 Major Telcos Fend Off Chinese Hackers](https://www.darkreading.com/cyberattacks-data-breaches/singapore-major-telcos-fend-chinese-hackers) Each country in LatAm has had to deal with a different threat profile, but the focus on mobile extends across the region. Brazil has encountered a surge in stolen devices, up 340% year over year, while Colombia contends with smaller increases in stolen devices, but also a variety of other device-focused fraud, such as SIM swapping and mobile malware, according to the **BioCatch** report. The use of remote access Trojans (RATs) targeting mobile devices also rose quickly in the latter half of 2025. One good trend: Argentina saw money-mule accounts decline in the latter half of 2025, a departure from other countries in the region. Yet, fraudsters are quick to move on, Martínez says. "Once banks in a given country have effectively solved for a particular MO, fraudsters will either change MOs or shift their focus to a different geography," he says. Companies need to move beyond static defenses and collaborate with each other to head off the threat, Martínez says. "Technical controls must be complemented by additional capabilities that provide broader context, such as consortium-based intelligence that helps assess the risk reputation of the target account," he says. "This layered approach allows institutions to move beyond isolated signals and develop a more accurate understanding of intent and exposure."