Chilean banks are sounding the alarm about a sophisticated wave of vishing scams—voice phishing attacks—that use fake codes like *21 to trick customers into revealing sensitive financial information. These fraudulent calls, which mimic official bank communications, have left thousands of Chileans vulnerable to account takeovers and financial losses. While banks like Banco Estado and Banco de Chile have issued urgent warnings, cybersecurity experts say the scams are evolving, making them harder to detect.

The scams typically begin with a call claiming to be from a bank’s customer service. Fraudsters instruct victims to press a code—often *21—followed by their account number or PIN, supposedly to “verify their identity” or “prevent fraud.” In reality, this gives scammers direct access to account details, allowing them to transfer funds or open new lines of credit. According to recent reports from Chilean financial regulators, these calls have surged by Superintendencia de Bancos e Instituciones Financieras (SBIF), though exact figures remain difficult to verify due to underreporting.

What makes these scams particularly dangerous is their use of caller ID spoofing, which makes it appear as though the call is coming from the victim’s own bank. This tactic exploits the trust customers place in their financial institutions, often leading to immediate compliance. Banks are now advising customers to never share account numbers, passwords, or verification codes over the phone—even if the caller claims to be from the bank.

Why This Scam Is Spreading—and How to Stop It

Cybersecurity analysts attribute the rise in vishing scams to three key factors:

• Technological sophistication: Scammers now use AI-generated voices that mimic bank customer service agents with near-perfect accuracy.
• Psychological manipulation: Many victims report feeling pressured by fake urgency—scammers claim their accounts will be “locked” or “fraud alerts” will be triggered if they don’t comply immediately.
• Underreporting: Many victims never realize they’ve been scammed until funds are missing, by which time the trail is cold.

Banco Estado, one of Chile’s largest banks, has reported a 40% increase in vishing-related fraud attempts over the past year alone. While the bank declined to provide exact victim numbers—citing privacy concerns—internal data suggests hundreds of accounts have been compromised. “These scams prey on fear and urgency,” says a security spokesperson for Banco Estado. “Our customers must remember: we will never ask for your full PIN or verification codes over the phone.“

How Banks Are Fighting Back

Chilean financial institutions are implementing multiple layers of defense against vishing scams:

1. Enhanced Customer Education

Banks are running public awareness campaigns through social media, TV ads and in-branch materials. For example, Banco de Chile has launched a hashtag campaign #NoCaigasEnVishing (“Don’t Fall for Vishing”) that encourages customers to share warning signs with friends and family. “We’re seeing real progress in recognition,” says a bank spokesperson, “but the scammers are always adapting.”

2. Caller ID Authentication

SBIF is working with telecom providers to implement STIR/SHAKEN protocols, which verify the authenticity of caller IDs. While this won’t stop all spoofed calls, it will make it harder for scammers to mimic bank numbers. “This is a critical step,” says a regulator, “but it’s only part of the solution.”

3. Two-Factor Authentication Overhauls

Most Chilean banks now require multi-factor authentication (MFA) for high-risk transactions, such as large transfers or password changes. This means even if scammers obtain a victim’s account number, they still need additional verification—like a one-time code sent via SMS or biometric confirmation.

What You Can Do to Protect Yourself

If You’ve Been Scammed

Act fast:

1. Contact your bank immediately to freeze your account and report the fraud.
2. Change all online banking passwords and enable MFA if not already active.
3. File a police report with Carabineros de Chile or PDI for potential recovery efforts.
4. Report the scam to SBIF to help track patterns and prevent future victims.

The Future of Vishing: What’s Next?

While banks and regulators work to combat vishing, cybersecurity experts warn that these scams are only getting more sophisticated. “We’re seeing scammers move beyond simple voice calls,” says a security analyst with OWASP Chile. “Some are now using deepfake audio to impersonate bank executives, making the scams even more convincing.”

In response, SBIF is exploring:

• AI-driven fraud detection: Using machine learning to flag suspicious call patterns in real time.
• Partnerships with telecoms: To block known scam numbers before calls reach customers.
• Legal crackdowns: Prosecutors are increasing penalties for vishing-related crimes, though enforcement remains a challenge.

For now, the best defense remains vigilance. “Scammers rely on fear and haste,” says a fraud prevention expert. “Taking a moment to pause and verify can save thousands.”