This a real story of a real victim who banks with a real BioCatch customer. Names have been changed to protect the victim’s privacy.
It was a day that began like any other for María, a retired schoolteacher in Mexico. She’d already put on a pot of coffee and started preparing breakfast when she received a text message from an unknown number:
We have detected an unusual charge on your credit card. If you do not recognize the charge of $10,000 pesos, please contact this number. If you do not contact us, your account could be blocked.
María began to panic. She didn’t recognize the charge, and the sum mentioned represented far more than she could afford. She also has needed that credit card to remain active so she could pay some upcoming bills.
María called the number that sent her the text. Someone answered her call in the same way her bank would. They knew the welcome phrase and the privacy notices. They even told her the bank would never ask for passwords or usernames.
María believed she was speaking to her bank. So, when the person on the other end of the line told her they’d detected not only an unauthorized transaction for $10,000 pesos on her card but also a series of smaller purchases, María listened for what she should do next.
The operator told María she needed to authorize a transaction from her account in order to unblock it so the bank could then reverse any unauthorized transactions. This, said the person on the phone, was standard operating procedure in circumstances like this one and was even backed by Mexico’s central bank.
Feeling scared, anxious, and eager to solve this problem as quickly as possible, María prepared to do what the telephone operator instructed, readying a transfer of funds from her existing account to an account the person on the phone said was owned by the bank and from which the bank would return María’s money after it reversed the unauthorized payments.
María entered her account number. Then she began to enter the number of the account provided to her over the phone.
At this point, María’s bank started sending her notifications, asking her questions she’d never seen before:
Do you know the owner of this account?
Are you making this transfer to a recipient of whom you have a reference?
María relayed these questions to the person on the phone, whom she believed to represent the bank asking her these questions. The operator told her to answer yes to each question.
María did so. Then, as she prepared to provide an authentication method, the bank sent María a new message:
Sometimes people with bad intentions contact you to ask you to make transactions to third-party accounts in order to scam you. If you suspect this, we suggest you not make the transaction, hang up, and contact the official numbers of the bank.
At this point, María began to doubt that the person on the other end of the line was who they said they were. She hung up, overcoming the kind of moment of anxiety scammers love to create and then take advantage.
In Latin America, there are more than 1.6 million cases of telephone scams like this one reported by local regulators and authorities every year. Scammers manufacture and then take advantage of the vulnerabilities of retail banking customers for massive gains. Voice scam cases are up by 65%. Losses sit at an estimated more than $2 billion per year. The increase is especially pronounced in Argentina, Colombia, Mexico, and Brazil, where we’ve seen scams increase by double-digit percentages over the last three years.
The recent explosion of digital services and channels has allowed fraudsters to pivot from unauthorized fraud to the manipulation of retail banking customers.
In Latin America, we’ve seen increases in voice, WhatsApp, and text message scams originating from prisons. From behind bars, these scammers seek to scam the user out of their hard-earned money and/or gain access to their instant messaging accounts.
For years, governments in Latin American countries have tried to fence and control the use of mobile phones from inside prisons, but recent data from a BioCatch customer shows a 12% increase over the last two years in scam attempts originating from prisons. New technologies allow mobile phone holders to utilize multiple virtual lines from the same physical device.
Behavioral insights allow financial institutions to detect voice scams like these in real time, sending warnings like the ones María received or – when the customer continues to believe in the legitimacy of the scammer and the scammer’s story – freezing suspicious transactions before the customer can fall victim.
