Could you ensure that your identity is protected? This question is increasingly difficult to answer given the race for ingenuity and speed that fraud prevention systems – and consumers – are waging against cybercriminals increasingly armed with artificial intelligence (AI) and automation tools. Experts and authorities warn that three seconds of telephone conversation are enough to generate voice clones capable of deceiving family members, colleagues or friends. Furthermore, access to the personal information of potential victims is growing thanks to the massive data leaks that occur daily in Mexico.
“You can’t imagine how easy it is to hold a conversation with your voice. It’s very simple: any student with a technical degree knows how to do it. It’s a very accessible technology,” says Carlos Santa Cruz, co-founder of Lynx, a fraud prevention and money laundering technology company with operations in the country. The professor from the Autonomous University of Madrid continues with some advice: “If someone calls and you don’t know the phone number, don’t speak, you don’t want your voice to be recorded. And then, if someone contacts you: absolutely no information is given!”
Although it is difficult to quantify the progress deepfake—photographs, videos or audio made with artificial intelligence that attempt to impersonate someone real, this year the Secretariat of Security and Citizen Protection (SSPC) of Mexico launched an alert together with Condusef, the financial consumer protection body, recommending citizens to take care of their voice coming from artificial intelligence and the risks of answering calls and messages from strangers. In its statement, the SSPC cites a global study by the security company McAfee, according to which one in four respondents has experienced a convincing scam based on voice cloning.
Mexico is among the countries with the highest criminal activity due to the harsh realities of arms trafficking, drugs, extortion and human trafficking, but also due to its growing cybercrime network, according to the Global Organized Crime Indexwhich gives it a crime level of 7.57 out of 10, third out of 193 nations. Now, cybersecurity professionals fear that this illicit – but organized, agile and highly profitable – industry will continue to grow, supported by regulatory gaps and the limited ability of state agencies to provide a timely response to a business that develops at the speed of technological advances.
Huge daily losses
The research unit of the Mexican cybersecurity company Silikn monitors the traditional Internet daily, as well as the nooks and crannies of the Deep Web and the Dark webwhich are not indexed by search engines and linked to anonymity and illegal activities. There they look for sensitive data to sell: “And to be able to alert organizations or users that their information is exposed and that they can take preventive or mitigation measures. This year we have gotten about two leaks a day. It is very serious,” emphasizes Víctor Ruiz, founder of the company. It turns out that most of the losses They come from the public sector, from the federal to the municipal level.
“Cybercriminals have realized that the government is not protected and continue to carry out attacks or attempted attacks,” warns Ruiz. When they detect a breach, they notify the relevant agencies. “Every time they violate the government, they violate all of us,” he points out.
A federal cybersecurity law initiative, which emerged in 2023 and revised in 2024, remains stalled in Congress. During the mandate of Andrés Manuel López Obrador, political predecessor of President Claudia Sheinbaum, at least two major cases of information leaks in the Administration were admitted, including that of the personal data of journalists covering the National Palace. In private companies, the Credit Bureau, which collects the credit history of bank customers, also suffered a serious breach.
These databases, which contain names, dates of birth, banking and family information, explain why many cybercriminals have such a detailed picture of their interlocutors when trying to contact them. vishingi.e. phone scams trying to access accounts or devices. “On August 4, 2025, I received a phone call from a supposed manager, who had my confidential information: name, type and branch of account, age, location of the plastic. He told me that a cardless withdrawal attempt had been detected and that I should block the function by generating a sheet, for which he requested access to my account and security data. After granting them, he made a cardless withdrawal and deactivated my notifications, consummating the fraud,” reads an anonymous complaint on the site Condusef monitoring portal.
Distrust grows
Security experts consulted by EL PAÍS agree that Mexico’s digital ecosystem has made prevention a priority with the adoption of biometric technologies to confirm identities, artificial intelligence to detect suspicious activity in real time and financial education campaigns. However, there is a connection that neither banks, nor e-commerce platforms, nor any other digital actor can reach: user decisions.
“We observe that fraud almost never begins with the transaction, but with a cyber attack in which credentials are stolen or malicious code is inserted. Artificial intelligence has become a force multiplier in the most recent cyber attacks,” explains Ana Lucia Magliano, executive vice president of Mastercard Latin America and Caribbean, adding that the brand has invested around $11 billion in cybersecurity alone in the last five years. The manager explains that the most frequent attacks are concentrated in e-commerce, especially due to the increase skimming digital, that uses malicious code on payment sites to acquire sensitive information, and the card testswhere criminals test stolen cards through microtransactions. In less than six months of testing before launching its latest prevention and response product for banks, issuers and merchants, Mastercard identified more than 9,500 malicious domains linked to data theft and prevented at least $120 million in fraud.
Given all this, it is the end user who pays the price. According to a survey by Jumio, a digital identity company from Silicon Valley Being present in Latin America, Mexicans are particularly concerned about their digital vulnerability. When around 8,000 consumers in several countries were surveyed about whether they feel anxious about being deceived by manipulated content on social networks, such as messages modified by artificial intelligence, 83% of Mexicans responded positively, above the global average of 72%.
This also reflects the fact that, contrary to popular belief, victims of online fraud are not relegated to a particular socioeconomic or age group. It’s a crime that can happen to anyone. “We see a high level of user manipulation and both entities and governments are responsible for it. If we see it from the side of an entity, in e-commerce or in any business, it’s about training the user so that they understand that we will never ask for their data through a connection. But the consumer should also take care not to enter their information anywhere. Cross-sector collaboration is essential,” summarizes Pilar Pereira, head of strategic alliances at Jumio.
