Understanding the “Montadeudas” Fraud in Mexico
Mexico has become a significant hub for digital fraud schemes known as “montadeudas,” according to cybersecurity firm Kaspersky. These fraudulent loan applications have seen a surge in 2025, fueling an underground market of stolen identities and economic losses ranging from false microloans to multi-million dollar scams.
How “Montadeudas” Fraud Works
The “montadeudas” scheme operates with a simple logic. They offer express credits in exchange for filling out a digital form. Fraudsters send messages that simulate loan approval or immediate access to credit, accompanied by a link to download an application. Once installed, victims provide official document photos, account numbers, or even biometric data.
“Fake loan apps where you just fill in your details, and they give you credit with almost no requirements,” said Leandro Cuozzo, senior investigator in Kaspersky’s Global Research and Analysis Team (GReAT).
The outcome isn’t a deposit in the account but mass identity capture, and sometimes even device locking where the app was installed. The extracted data is then sold in clandestine forums to the highest bidder.
Mexico’s Position Among Latin American Countries
According to Kaspersky’s presentation at the Cyber Security Week 2025, Mexico leads Brazil, Colombia, Ecuador, Peru, and Chile in the map of regions most affected by these types of scams. The country’s appeal lies in the growing demand for quick credit, limited legitimate credit offerings from banks, and low digital verification levels.
“When a new system or technology is introduced, there’s often confusion or lack of knowledge from the user. That’s where attackers come in,” said Cuozzo during the Cyber Security Week.
Impact and Prevention
The impact of “montadeudas” extends beyond the initial fraud, as stolen identities can be used to open accounts, contract services under the victim’s name, or blackmail third parties. The scammers may also demand repayment of the ‘debt’ along with interests in exchange for unlocking the device where the app was downloaded to request the loan.
- Do not open links from unofficial sources via messages.
- Verify the existence of platforms on legitimate portals.
- Report suspicious accounts and apps to cut off the scam.
“There are no extraordinary gains in the financial world; no one will give you a thousand dollars for just a dollar, and it’s impossible in the timeframe they promise,” Cuozzo stated.
Institutional Response
The response should be twofold: banks and fintechs must strengthen official communication channels; authorities should pursue identity theft and sanction data trading; and tech companies must swiftly remove fraudulent apps and domains within their ecosystems.
“Every time money or confidential data is involved, remember to analyze messages thrice before clicking on any link,” Cuozzo advised.
