Overview
- Authorities in Mexico and Spain issued fresh alerts about active campaigns, including Spotify‑themed text messages in Mexico that led to emptied accounts and Spain’s so‑called mailbox ruse.
- In the Spanish scheme, a fake bank SMS lists a number to call, the caller then asks for codes that authorize transfers, and the crooks may later tell the victim to leave cash, cards or jewelry in a building mailbox for a fake courier.
- Investigators describe a shift to hybrid tactics that blend texts, voice calls, WhatsApp outreach and AI voice cloning, often backed by spoofed caller IDs or malicious QR codes that steer people to look‑alike banking pages.
- Security agencies urge people to never share PINs or one‑time codes, to skip links in unsolicited messages, and to contact banks only through official channels, and they advise victims to block cards, change passwords and report cases to banks, police and CONDUSEF.
- Regulators point to strong customer authentication under PSD2 and say banks must monitor for abnormal activity, yet refunds depend on case details, while Mexico’s consumer agency reports older adults now account for about 32% of related complaints.