Foolishly, I consider myself savvy about bank fraud in Mexico.
I worked in banking for 19 years. I’ve never fallen for the usual scams – the Nigerian prince, the “friend stuck at the airport”.
But I just helped someone steal MXN 6,000 from my account at Santander. No guns, and knives. Or threats were involved. I fell for a con. Another viral blog post, Paying Social Security in Mexico for Household Staff, helps you.
Here’s what happened.
My Mexican cell phone rang. The screen showed the number I’d registered for Santander.
I’ve sat endlessly in Santander branches watching their video about bank fraud, and how they’ll never ask for personal information over the phone.
But this was them. It was their number. Clearly. So I took the call.
🚩 THIS NUMBER WAS CLONED. I SHOULD NEVER HAVE TAKEN THE CALL.
A man – “Alejandro Garcia Hernandez” – asked if I’d recently changed the phone number associated with my account. I said no.
I felt a nervous twinge.
He said someone had just tried to do so and read me a telephone number in my area code.
He asked if I recognized the number, and I said I didn’t. My heart beat faster.
He said we needed to take steps immediately to protect the account, and that he would walk me through it.
Relief rushed in. The bank was protecting me! Phew!
“Alejandro” said he was going to give me a bunch of numbers to write down – a folio de reporte (report number), a folio de cancelación (to block the account), a folio de reposición (to replace my card), and his operator number.
He fired these at me quickly, urgently. I raced to write them down, struggling with the technical Spanish terms.
He asked me to log onto the bank app on my phone, confirm the balance, and see if I recognized the recent transactions.
Certain that I was talking with Santander, and because he sounded so plausible, I didn’t think clearly.
He had me exactly where he wanted me.
🚩 THEY WIN YOUR CONFIDENCE BY SCARING YOU AND PRETENDING THEY ARE HELPING YOU. THEY NEVER ACTUALLY ASKED ME TO MOVE MONEY.
Then he played his master card.
He said he was transferring our call to Fraud Services.
Any lingering tiny doubt in my mind evaporated. Despite having seen all the Ocean’s 11 series, I could not imagine anyone mounting such an elaborate con against me.
My normal skepticism was overwhelmed by relief.
“Arlet Martinez Hernandez” took over.
She shot a flurry of security questions at me. Do we buy a lot online? Do we store data online? I shouldn’t use the same ATM twice. I should eliminate my history if I buy online.
She said they were blocking the account and would only allow me to access my account via my phone.
Also, she said they weren’t sure where the fraudsters “got in”, but I needed to replace my card. She spoke quickly, professionally, earnestly. She said they could deliver the card to my house, or I could go to the bank, but she recommended going to the branch.
I trusted her recommendation – she had my best interests at heart.
We talked about when I would go into the branch. I said I didn’t have to take out cash now, as long as I could go on Monday.
We agreed on the time – she was very specific. I asked her if I should go to the branch I always go to on such-and-such street. She said yes.
🚩 I VOLUNTEERED ALL THE INFORMATION THEY NEEDED – MY BALANCE, WHICH BRANCH I USE.
She said I could make one cash withdrawal, by a Retiro sin tarjeta – we’d generate a QR code, and I could go to an ATM and withdraw it without using my card.
But since the limit was MXN 6,000, it would have to be in two passes, unless we increased the limit.
So (I’d swallowed the hook by now), she walked me through that and the withdrawals. Each time, she gave me a temporary PIN (the two-digit day/month first, then the month/year).
She said we had to hang up when I typed in my actual PIN on the mobile app. As she was not allowed to be on the phone during that for security purposes.
For some reason, only one withdrawal of MXN 6,000 went through.
She asked me for the number on the QR code for the one that worked, and I gave it to her.
🚩 AT THIS POINT, I HAD BEEN SCAMMED AND THE MONEY WAS LOST IRREVOCABLY.
“Arlet” explained that for Santander to guarantee the balance, they needed to move all the money out of the account via the QR code withdrawal.
Since it wouldn’t let us do another one, she said they’d need to investigate, and she’d call me back in two days, at 2 pm.
Then she told me to write down her operator ID, and we hung up.
“Janet” called two days later at 2 pm.
She said there was an open ticket for fraud. That showed that MXN 6,000 was withdrawn. But she assured me it was apartado (on hold), not gone.
She said this resguardo (synonym for on hold) has to be for the full balance, because whoever is trying to hack me could take all my money.
So (hard to believe I’m this gullible, I hear it as I type), we tried again.
But for some reason, the luck of the foolish? – It still didn’t work.
We tried to do it again. But she said the system was being updated.
I asked if I could send the balance to an account with another bank, and she “checked” but said no, that wouldn’t work.
She said she or “Arlet” would call back Saturday (the next day) at 9 am.
I didn’t get a call on Saturday, but figured it was the weekend, so I tried again, but it still didn’t work.
Also, I waited impatiently for Monday. When the account would be unblocked and I could pick up my new card.
I called the Santander customer service phone on Monday to say I was going to be earlier than expected, and they said No problem, I could arrive at any time.
Unbelievably, I still had no suspicions.
Then I went into my branch. When I told the branch executive that I was there for my appointment, to pick up my card, he just looked at me blankly.
I explained the situation, watching in horror as his expression changed from confusion to dawning comprehension.
He asked if I’d given them any of my information, and I said no, they were never on the phone when I typed my password.
He asked if I’d given them the number for the QR code. I had to say yes.
I raced to the ATM to check on the withdrawal. And it showed that it had already been executed, on Wednesday, the day this started.
The executive, looking miserable, said that since I had given them the QR number, the bank would not refund the money.
He said they run videos and ads telling customers they will never call and ask for money.
I said they didn’t ask for money, they called to tell me somebody was changing my telephone number, and they called from Santander’s own number!
He said they had cloned the number – something I’d only heard of on TV.
He said the number I showed him is not an outgoing telephone number, it is only for incoming calls.
I yelled that that would have been very useful to know! He just shook his head sadly.
🚩 THE BANK ISN’T RESPONSIBLE IF YOU GIVE ANYONE INFORMATION ABOUT YOUR ACCOUNT.
He said that he had seen this before.
Scammers rent a warehouse and set up a whole call center to run the con.
He said it is likely they even open an account at the bank, so that they mimic their protocols.
If I hadn’t felt so disgusted, I’d have admired how deftly they’d conned me.
🚩LESSONS LEARNED:
- If someone calls “from your bank” to report a security issue, hang up and call your bank or go into your branch.
- Your bank will never call you except to offer you credit cards and banking products. I recommend ignoring those calls, too, just in case.
According to a 2023 study by the Mexican government and a May 2024 Forbes Mexico article.
People commit 15,000 fraud crimes daily.
Cases have almost doubled since 2015. I was lucky and only lost MXN 6,000.
Don’t fall for it the way I did!
[1] Instituto Belisario Domínguez 
(IBD) is a specialized body within the Mexican Senate that conducts strategic research on issues relating to Mexican development, legislation, and situational analyses.
Aguirre Quezada, J.P. (2023). “El fraude en México: daños patrimoniales y trabajo legislativo para enfrentarlo” Cuaderno de investigación No.99, Instituto Belisario Domínguez, Senado de la República, Ciudad México, 27p. Biblioteca digital del Instituto: 
Article 386 of the Federal Criminal Code (CPF) defines it as: “the crime of fraud is committed by anyone who, by deceiving someone or taking advantage of the error in which he/she finds himself/herself, illegally obtains something or makes an undue profit” (CPF, 2023, p. 123). The crimes of fraud and extortion are committed daily, 15,000 per day in the first case and 13,000 per day in the second…The Executive Secretariat of the National Public Security System (SESNSP) reported that from January to May 2023, 45,308 acts of fraud have been reported nationwide (SESNSP, 2023)… Regarding totals per year, the SESNSP reported a significant growth between 2020 (73,583 cases) to 2022 (103,940). – Likewise, from January 2015 to May 2023, 642,433 cases of fraud were reported nationwide.
[2] Forbes Mexico, May 30, 2024 @ 10:58 am. These are the people most prone to financial fraud; learn how to prevent it.
It is estimated that 15,000 frauds are registered every day in the country. Here are 5 key tips to prevent you from becoming a victim of financial fraud.
Financial fraud is a problem that has grown and has been perfected in large part. Due to technological advances that allow criminals to refine their methods. According to the study El fraude en México: daños patrimoniales y trabajo legislativo para enfrentarlo. Prepared by the Instituto Belisario Domínguez del Senado de la República. 15,000 frauds are registered daily in the country.
“Financial frauds are worrisome and worrying, especially because nowadays there are several fraud methods and no one is exempt from risk. Among the most common are financial pyramids, card cloning, express credit, cyber-attacks, phishing, among many others,” explains Hugh Bruce, Chief Consumer Officer of Círculo de Crédito.
Uninformed people are usually the most common victims. Or those who are not so familiar with new technologies. Therefore, the Chief Consumer Officer of Círculo de Crédito points out that, regardless of the method of fraud, information is key to prevention.
“It is essential to implement tools that allow us to protect ourselves as users against financial fraud, as it can result in significant financial losses, damage our credit reputation and generate considerable stress. It is also vitally important to stay informed about common fraud tactics, use secure and unique passwords, as well as regularly monitor bank accounts and credit history,” says Bruce.
Faced with this problem, Círculo de Crédito lists some essential recommendations to prevent financial fraud:
Consult the Special Credit Report: Regularly consulting the credit history makes it easier for the user to identify any suspicious activity on time. You can do this through the Special Credit Report. Where the user can consult their credits, payments and movements.
Activate Security Alerts: Security alerts are key to detecting financial fraud in time. Whether banking apps or SICs such as Círculo de Crédito.
Use Strong Passwords: Strong passwords are essential to protect accounts. A strong password should include a combination of uppercase and lowercase letters, numbers and special characters. In addition, it is important not to use the same password for multiple accounts.
Update Software and Operating Systems: Keeping software and operating systems updated on either the cell phone or computer is essential. To ensure that any user is protected against vulnerabilities. Updates often include security patches that fix these vulnerabilities.
Report Phishing: Phishing is a common fraud technique in which criminals impersonate trusted entities to steal sensitive information. Knowing the signs of a phishing attempt can help users avoid falling for these scams.
