Peru loan phishing campaign impersonating financial institutions across Latin America
Campaign
Summary
A Peru-focused loan phishing campaign has expanded across Latin America, putting users' card numbers, PIN codes, and banking credentials at risk. The operation has been active since 2024 and uses social media ads plus fake loan portals to collect usable financial data. Its validation-heavy flow helps the scammers filter for high-value victims and makes the fraud harder to spot.
Related Happenings
FIFA logins traded on dark-web markets
Data Leak
First: 27.05.2026 14:28
Last: 27.05.2026 14:28
Sources 1
About this happening:
Around **2,500 FIFA logins** have surfaced on **dark-web markets**, turning stolen credentials into an active exposure that can fuel account abuse and downstream fraud. The leak i...
Ghost Stadium FIFA World Cup fraud campaign
Campaign
First: 27.05.2026 14:28
Last: 27.05.2026 14:28
Sources 1
About this happening:
A **Ghost Stadium** fraud campaign has registered **4,300+ FIFA lookalike domains** and is using **paid Facebook ads** to funnel **2026 FIFA World Cup** fans into phishing and tic...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
Campaign
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
About this happening:
The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
Caller-as-a-Service scam ecosystem professionalizes underground fraud
Threat Actor Meta
First: 22.04.2026 17:01
Last: 22.04.2026 17:01
Sources 1
About this happening:
The **Caller-as-a-Service** scam ecosystem has become **highly professionalized and segmented**, making fraud easier to scale and harder to disrupt. Distinct operators now handle...
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
Campaign
First: 20.04.2026 16:33
Last: 20.04.2026 16:33
Sources 1
About this happening:
The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Timeline
- 21.01.2026 17:00 · 2 articles · 4mo ago
Group-IB uncovers Peru loan phishing campaign impersonating banks
Initial Disclosure: Group-IB discloses a Peru-focused loan phishing campaign that impersonates well-known financial institutions, uses targeted social media advertisements to drive victims to fake loan application portals, and filters submissions with validation checks before stealing usable card numbers, PIN codes, and online banking passwords. The campaign has been active since 2024, with about 35 unique ads identified between 2024 and 2025, at least 16 scam domains posing as a leading Peruvian bank, and around 370 unique domains overall; similar infrastructure has also impersonated financial brands in Colombia, El Salvador, Chile, and Ecuador.
- Peruvian Loan Scam Harvests Cards and PINs via Fake Applications — www.infosecurity-magazine.com — 21.01.2026 17:00