Rising Phishing and Call and Hang Up Scams: How They Work and What They Steal
Peru’s financial sector grapples with 35% surge in “llama y corta” scams, prompting B2B cybersecurity and compliance upgrades
Peru’s financial institutions reported a 35% year-over-year increase in “llama y corta” (cold call fraud) and phishing incidents in Q1 2026, according to the Central Reserve Bank of Peru. The surge, driven by sophisticated social engineering tactics, has forced firms to accelerate investments in fraud detection systems and legal risk management protocols.

The Central Reserve Bank’s quarterly financial stability report highlights that 68% of affected entities experienced direct fund transfers to offshore accounts, with average losses reaching $127,000 per incident. “These scams exploit gaps in employee training and outdated authentication protocols,” says Maria Lopez, CISO of Banco Interbank, in a recent interview. “The cost of inaction far exceeds the price of modernizing infrastructure.”
How scammers exploit legacy systems and human psychology
Scammers typically initiate contact via unsolicited calls or emails, impersonating bank officials to extract login credentials or transfer instructions. A 2026 study by the Peruvian Institute of Financial Innovation (IPIF) found that 42% of victims were employees of small-to-midsize firms lacking multi-factor authentication. “The attack vector is simple but effective,” notes Carlos Mendez, a cybersecurity analyst at KPMG Peru. “It’s not about technical vulnerabilities—it’s about manipulating trust.”

The modus operandi often involves spoofed email domains and voice-cloning software to mimic executive voices. In one case, a Lima-based logistics firm lost $2.3 million after a fraudster impersonated its CFO and directed a payment to a shell company in the Bahamas. “The email appeared legitimate, with company-specific jargon and a forged digital signature,” recalls the firm’s CFO, who requested anonymity. “We only realized the breach when the recipient flagged the transaction as suspicious.”
Financial fallout and corporate response strategies
The economic impact extends beyond direct losses. A 2026 World Bank analysis estimates that fraud-related disruptions cost Peru’s economy $4.2 billion annually in lost productivity and increased insurance premiums. “Companies are now factoring fraud risk into their capital allocation decisions,” says Sofia Ramirez, head of corporate risk at Scotiabank Peru. “We’ve seen a 200% increase in requests for real-time transaction monitoring tools since last year.”
Major banks have partnered with cybersecurity providers like Darktrace and CrowdStrike to deploy AI-driven anomaly detection systems. Banco de Crédito, Peru’s largest bank, reported a 60% reduction in successful phishing attempts after implementing behavioral biometrics. “The technology analyzes typing patterns, mouse movements, and device fingerprints to flag suspicious activity,” explains CTO Luis Alvarez. “It’s not about trusting employees—it’s about building layers of defense.”
Legal and compliance challenges in a borderless threat landscape
The rise in cross-border fraud has exposed gaps in Peru’s regulatory framework. While the Central Reserve Bank mandates customer due diligence under Law 30444, enforcement remains inconsistent. “Many firms still rely on manual checks rather than automated KYC solutions,” says Diego Torres, a partner at law firm Arellano & Cia. “This creates vulnerabilities that bad actors exploit.”
Corporate legal teams are now prioritizing contractual revisions to limit liability in fraud cases. A 2026 survey by the Peruvian Chamber of Commerce found that 58% of firms have updated their vendor agreements to include clauses requiring third-party cybersecurity certifications. “We’re seeing a shift from reactive to proactive risk management,” says Torres. “It’s no longer just about compliance—it’s about survival.”
Pathways for B2B solutions in the fraud mitigation ecosystem
The crisis has created opportunities for enterprise service providers specializing in financial crime prevention. Cybersecurity firms offering AI-based fraud detection, compliance consulting for cross-border transactions, and digital transformation advisors are experiencing heightened demand.
For example, cybersecurity vendor Palo Alto Networks reported a 140% spike in Peru-based clients seeking zero-trust architecture implementations. “The market is demanding solutions that integrate seamlessly with legacy systems while maintaining regulatory adherence,” says regional director Ana Mendoza. “This is a $2.1 billion opportunity over the next three years.”
As fraud tactics evolve, the need for continuous adaptation is critical. “The threat landscape is dynamic, and so must be our defenses,” says Mendoza. “Companies that fail to invest now will face far greater costs down the line.”
The Central Reserve Bank has announced plans to launch a national fraud alert system by 2027, but experts caution that no single solution can eliminate risks. “This is a marathon, not a sprint,” says Ramirez. “The key is to build resilience through technology, training, and strategic partnerships.”
For businesses navigating this evolving threat, the World Today News Directory offers vetted B2B providers specializing in financial risk management, cybersecurity, and regulatory compliance—resources critical for safeguarding operations in an increasingly digital economy.