Navigating Cybercrime Currents in Latin America: Strengthening the Region’s Defenses

Group-IB documents a widespread scam loan campaign targeting Latin America — especially Brazil — where attackers use Facebook ads and impersonated financial brands to lure victims to fake sites that employ Typebot chat interfaces and S3/minio-hosted resources to collect CPF, personal details, and credit card information (including CVV). Researchers identified at least 97 malicious domains and about 27 fake payment portals, described the scam flow (identity verification, simulated loan approval, insurance/collateral requests, and payment pages accessible only via Brazilian VPN), and provided mitigation advice including source verification, user education, anti-phishing tools, MFA, and reporting.