Introduction
Phishing has become one of the primary digital threats in Mexico. This type of fraud, which mimics legitimate communications to gain confidential information, has already affected over 13.5 million people in the country by 2025.
Digital Fraud on the Rise
Phishing is part of a growing reason (7 out of 10) for digital incidents, including online banking, e-commerce, mobile payments, and other internet-based operations, according to Mexico’s Secretaría de Hacienda.
An estimated 6 million cyber frauds have occurred, a 40% increase from 2018. This figure significantly surpasses traditional frauds (2.2 million) with accumulated economic losses amounting to 20,000 million pesos.
Costly and Escalating Phishing
The average loss per phishing event is 8,750 pesos, with 23.1% of victims reporting monetary loss. Phishing is not only a growing threat but also costly and has the potential to escalate if immediate action isn’t taken.
Vulnerable Users and Businesses
Phishing employs increasingly sophisticated tactics. A common example is receiving a message appearing to be from a bank, warning about an unrecognized charge. Clicking the link grants access to a counterfeit page where users’ data is stolen, allowing criminals to access accounts, personal information, passwords, and money.
Both individuals and businesses are vulnerable. According to Kaspersky, 40% of small and medium enterprises (PyMEs) in Latin America have fallen victim to digital frauds. Mexico ranks second in the region for blocked attack attempts, following Brazil.
Perception and Prevention
According to The CIU, 34% of internet users have received suspicious messages requesting personal information, and one in three knows someone who fell for the trap. Of those affected:
- 61.5% lost passwords
- 38.5% lost private information (e.g., address or phone number)
- 15.4% lost access to their bank accounts
Alarmingly, one in three users feels little to no ability to detect and prevent phishing attempts. This equates to over 30 million vulnerable individuals in the country.
Despite this, only 18.6% has any protective software, and less than half (45.6%) avoids clicking on suspicious links.
Normative Vacuum
Despite the problem’s magnitude, Mexico lacks a robust regulatory framework to address phishing. The absence of clear penal tipification, effective mechanisms, and digital literacy campaigns from an early age leaves the general population exposed and authorities inert when it comes to complaints.
It is urgent to implement actions leading to legislation that includes both prevention and sanction of phishing. This should involve blocking numbers identified as spam, digital literacy campaigns for users of all ages—especially the elderly—and active coordination between regulators, operators, financial institutions, and technology companies.
Conclusion
Mexico’s path to full connectivity cannot be built on distrust or at the expense of millions’ assets. To foster a digital economy, secure environments are essential. Phishing is not a minor or temporary issue; it’s structural and requires an integral and effective response.
Key Questions and Answers
- Q: What is phishing? A: Phishing is a digital fraud that mimics legitimate communications to gain confidential information.
- Q: How many people have been affected by phishing in Mexico? A: Over 13.5 million people have been affected by phishing in Mexico by 2025.
- Q: What is the average loss per phishing event? A: The average loss per phishing event in Mexico is 8,750 pesos.
- Q: What percentage of internet users feel capable of detecting phishing attempts? A: Only 23.4% (100% – 34% who received suspicious messages – 38.5% who lost private information) of internet users feel capable of detecting phishing attempts.
- Q: What regulatory measures are needed to combat phishing in Mexico? A: Mexico requires a robust regulatory framework, including clear penal tipification, effective mechanisms, digital literacy campaigns, and active coordination between relevant parties.
