Cybercriminals are using "poisoned SMS" messages to steal funds by impersonating banks and government authorities in Mexico and Spain [1, 2].

This fraud is particularly dangerous because it utilizes spoofing to mimic trusted institutions, allowing attackers to bypass traditional skepticism and quickly drain victim accounts [1, 4].

The scheme involves sending text messages that appear to come from banks, the SAT, the UIF, or local authorities [1]. These messages contain malicious links or QR codes that, once activated, grant criminals access to the user's financial information [1, 4]. In Mexico City, some messages have specifically mimicked traffic fine notifications to lure victims into clicking [3].

Authorities said that retirees are frequent targets of these scams due to their perceived vulnerability to official-sounding requests [1, 5]. The fraud has been active since 2025, with reports increasing in intensity throughout the current year [3, 5].

In Spain, the scale of digital fraud has reached critical levels. More than 430,000 computer-related scams were registered in 2025 [5]. The trend has continued into the current year, with more than 340,000 reports filed in the first few months of 2026 alone [5].

Regional impacts vary, with significant activity reported in the Aragon region of Spain and throughout Mexico City [2, 3]. Security experts said that these messages can empty a bank account in minutes once the malicious link is engaged [1].

These messages can empty a bank account in minutes once the malicious link is engaged.

The rise of poisoned SMS fraud demonstrates a shift toward high-precision social engineering where criminals exploit the perceived legitimacy of government and financial alerts. By targeting specific demographics like retirees and using localized lures such as traffic fines, attackers increase the likelihood of a successful breach. The high volume of reports in Spain suggests that automated spoofing tools are becoming more accessible, making it harder for users to distinguish official communications from fraudulent ones.