Lorenza Martinez, director of the Payment System of the Bank of Mexico, informed Reuters in a telephone interview last week that more than five Mexican financial institutions have recently observed “unauthorized transfers,” resulting in hundreds of millions of pesos stolen.

Cybercriminals siphoned 400 million of pesos ($20.4 million) out of Mexican banks, including the second largest bank: Grupo Financiero Banorte, by generating “phantom orders that wired funds to fake accounts and promptly withdrew the money,” sources close to the government’s investigation told Reuters. Sources explained how cybercriminals “sent hundreds of false orders to move amounts ranging from tens of thousands to hundreds of thousands of pesos from banks including Banorte, to fake accounts in other banks.” Once the funds landed in the fraudulent accounts, accomplices would then go to local branch offices around the country and drain the accounts.

Daily newspaper El Financiero said that these cybercriminals stole around 160 million pesos ($8.2 million) from Banco del Bajio and approximately 150 million pesos ($7.7 million) from Banorte. The remaining amount was spread across smaller financial institutions.

Hackers would have stolen 400 million pesos after the cyber attack in April. (Source: El Financiero)

Inter-bank orders declined in late April, as well as the lack of transparency on the part of financial regulators, which has stoked concerns that Latin America’s second-biggest economy fell victim to cyber attacks that have been disrupting Central Banks and financial institutions around the world.

“The authorities claim that in this cyber attack the SPEI was not violated, but that the “hacking” was through the system that the banks have with suppliers to connect with the SPEI. One involved in the investigations ensures that it is not yet known exactly how the criminals operated, so there is no exact data yet of the amount stolen, information considered, it will be difficult for it to be revealed by those affected or by the authorities of the financial sector. Market participants consider that the accounts in which the money was dispersed are located within the country, since in international transfers there are more alerts within the same institutions,” said El Financiero.

Another source told Reuters that these cybercriminals might have had inside assistance to complete such transactions. “In terms of the security of the bank’s offices, I think that is part of the analysis that each bank is doing,” Martinez said.

He also added that the SPEI interbank transfer system was not compromised, but third-party software connected to the payment network might have been. SPEI is comparable to the SWIFT’s messaging services used by more than 11,000 financial institutions in more than 200 countries.

El Financiero indicates that three years ago, at least three financial institutions in Mexico were victims of severe cyber attacks.

“Three years ago at least three banks in Mexico were victims of a “hack”, since the criminals detected a “vulnerability” within a part of their computer systems. After entering a code in their systems, they proceeded to register third parties, “sowed” accounts in SPEI and made transactions for amounts similar to accounts in other open banks with the same name as the account holder. The money was then withdrawn early in the window by those customers. On that occasion, the affectation did not exceed 50 million pesos.”

El Financiero provides information with Bloomberg data showing Cybercrime is on the rise.

However, the location of where the cyber attack originated from is still unknown, it would not shock us if Mexican drug cartels are now diversifying their operations into cybercriminal units attacking Mexican financial institutions.