Beware of WhatsApp and Phone Scams: How Fraudsters Steal Data and Money in Colombia

by priyanka.patel tech editor

A sophisticated wave of “vishing”—voice phishing—is sweeping through Colombia, leaving thousands of users vulnerable to a psychological trap that blends technical jargon with urgent threats. The scam typically begins with a deceptive phone call where perpetrators pose as WhatsApp support agents, claiming to have detected “unusual movements” on the victim’s device to create immediate panic.

These coordinated attacks are not merely about stealing a chat account; they are gateways to full financial compromise. By simulating a security crisis, criminals manipulate victims into handing over sensitive data and authorizing voluntary bank transfers, often under the guise of “protecting” their own funds. The scale of the issue is reflected in recent data from the Superintendencia Financiera de Colombia, which noted that the national financial system faced more than 27 billion cyberattacks in the first half of 2025.

The human cost of these operations is highlighted by the testimony of a TikTok user known as Mamazotas, who detailed how she and her family members were targeted. Her experience reveals a calculated process of disorientation and pressure, where the attacker shifts from a “helpful” technician to a stern authority figure to prevent the victim from hanging up or seeking outside help.

According to data from TransUnion, the threat of digital fraud is increasingly tied to the telephone. Their findings indicate that 27% of digital fraud attempts in Colombia are conducted via phone calls, with 33% of respondents reporting attempted scams and 9% confirming they had fallen victim to these schemes.

The Anatomy of the ‘WhatsApp Support’ Trap

The scam relies on a high-pressure psychological sequence designed to bypass a user’s critical thinking. It begins with a timed strike—often early in the morning when the victim is groggy and more susceptible to suggestion. The attacker claims that “unusual movements” were detected from a strange device or location, forcing the user into a state of alert.

Once the victim is panicked, the scammer introduces the “savior” persona. This individual offers a seemingly simple solution: blocking the WhatsApp account to prevent further data leaks. In reality, by following these instructions, the victim provides the attacker with the necessary verification codes to hijack the account. Once the criminals gain control, they immediately begin messaging the victim’s contact list to solicit money, pretending to be the account owner in distress.

Los delincuentes simulan ser operadores de soporte técnico para obtener códigos de acceso y datos sensibles de sus víctimas – crédito (Imagen Ilustrativa Infobae)

From Account Hijacking to Financial Drain

The scam evolves quickly from a technical issue to a financial one. Once the victim’s WhatsApp is compromised, the attackers introduce a second persona—a supposed bank official. This individual claims that the “unusual movements” have already affected the victim’s bank accounts and offers to “secure” the funds.

Under this guise, the victim is instructed to produce a cash advance or transfer their balance to a different account, such as Nequi, claiming it is a temporary safety measure. The psychological pressure peaks during this phase; if the victim attempts to hang up, the scammer threatens them, stating that they will “leave a record” that the victim refused to protect their money and that any subsequent loss will be their sole responsibility.

The outcome is often a total loss of funds. When victims eventually contact their actual banks, they find that the “case numbers” or “radicados” provided by the scammers are non-existent. Due to the fact that the transfers were made voluntarily by the user, banks often cannot reverse the transactions.

Vista de cerca de una persona sosteniendo un celular con ambas manos, mostrando en pantalla el logo de WhatsApp y un escudo rojo con un candado tachado y una exclamación.
Las autoridades recomiendan no compartir códigos de verificación ni información personal por teléfono y activar la verificación en dos pasos – crédito (Imagen Ilustrativa Infobae)

The Scale of Digital Fraud in Colombia

The surge in these attacks is part of a broader trend of digital fraud targeting the Colombian population. The first half of 2025 saw a staggering number of complaints, with over 309,000 claims for digital fraud recorded, primarily centered on payments, and purchases. The vulnerability is further highlighted by the period between July and September, during which banks received more than 240,000 fraud-related complaints.

Digital Fraud Trends in Colombia (2025)
Metric Statistic / Volume
Cyberattacks on Financial System (H1 2025) 27 Billion+
Digital Fraud Claims (H1 2025) 309,000+
Bank Fraud Complaints (July-Sept) 240,000+
Vishing Attempt Rate (TransUnion) 27% of digital fraud
WhatsApp - Android - celulares - tecnología - 15 de febrero
Una vez que acceden a la cuenta, los estafadores suplantan la identidad de la víctima para solicitar dinero a sus contactos – crédito (Imagen ilustrativa Infobae)

Prevention and Immediate Next Steps

Security experts and financial authorities emphasize that the best defense against these scams is a combination of technical settings and behavioral skepticism. Since the attackers rely on urgency and trust, breaking the cycle of the call is the most effective way to stop the fraud.

To protect your identity and assets, users are urged to implement the following measures:

  • Enable Two-Step Verification: This adds an extra layer of security to WhatsApp, requiring a PIN to register your phone number on a new device.
  • Never Share Verification Codes: No legitimate company, including WhatsApp or your bank, will ever ask for a verification code or password over the phone.
  • Verify Independently: If you receive a call about “unusual movements,” hang up immediately and contact your bank or the service provider through their official, verified app or phone number.
  • Distrust Unexpected Calls: Be wary of any caller who creates a sense of extreme urgency or threatens you with legal or financial consequences for hanging up.

Disclaimer: This article is for informational purposes only and does not constitute legal or financial advice. If you have been a victim of fraud, contact your local law enforcement agency and your financial institution immediately.

As cybercrime continues to evolve, the Colombian government and financial regulators are expected to update their cybersecurity protocols and public awareness campaigns. The next critical checkpoint for users will be the release of updated fraud statistics for the second half of 2025, which will help determine if current prevention measures are effectively reducing the success rate of vishing attacks.

Help us spread awareness to protect others. Share this article with your family and friends, and let us know in the comments if you have encountered similar attempts.

You may also like

Leave a Comment