Costa Rica Battles Rising Cyberbanking Fraud and American Businessman Murdered

Cybercrime is a serious problem in Costa Rica. The numbers of victims is rapidly growing and so are the different techniques used by criminals to commit them. Behind the epidemic of cyber-banking fraud hitting Costa Rica are not independent criminals, but rather complex structures that function as criminal enterprises.  The Cybercrime Prosecutor’s Office revealed that organizations have access to technological and economic resources that allow them to “operate on a large scale” in a business that has become very lucrative.  “We have managed to detect that they are coordinated structures. In many of these cases, they operate as organized crime groups, that is, a coordinated structure with leaders, middle managers, and rank-and-file members or low-level figures,” authorities said. 

Authorities have detected that many ordinary criminals have been migrating to this modality because it is easier to operate and less dangerous for them. The prosecutor indicated that during 2024, nearly $8.3 million USD was stolen from victims’ bank accounts in Costa Rica. Meanwhile, the OIJ announced that in just the first half of 2025, Costa Ricans’ losses exceeded approx. $4.8 million USD.  This multimillion-dollar illicit business has strongly infiltrated Costa Rica, but its structures transcend national borders. For Esteban Jiménez, a cybersecurity expert, the cyberattacks carried out against the country’s public institutions by the cybercriminal groups Maze (2020) and Conti (2022) put national vulnerabilities on the attackers’ radar. 

With the rise of artificial intelligence (AI), scams have become more sophisticated, and it is increasingly difficult to detect when something is fake. Criminals are capable of cloning voices and images, impersonating people, and even hacking devices such as WhatsApp, which makes it difficult for many people to distinguish whether they are really talking to a friend or family member or a criminal.  Another method is the collection of sensitive data through fake websites (even with security certificates), which is one of the methods most commonly used by cybercriminals to defraud people. However, there is a wide range of this type of fraud, according to Yorkssan Carvajal, head of the OIJ’s Specialized Section Against Computer Fraud. 

The investigator pointed out that criminals also make calls to their victims, posing as municipal officials, bank employees, or representatives of any other institution, under the pretext that they want to help with a procedure or the management of a service.  To do this, cybercriminals have access to large databases of personal information on customers of financial institutions. These records contain information such as full name, ID number, and date of birth, physical address (including street address), occupation, employer, and up to six phone numbers per person, among other details.  Scammers also take advantage of people who are selling or renting property.

The criminals pretend to be interested in purchasing whatever is being sold, and lead owners to believe that a down payment is on its way, and send a fraudulent link as proof of the transaction.  “The victim clicks on the link, and obviously, the first thing it will ask for is sensitive information such as username and password, dynamic key or token, and the victim’s email address, and that’s how they lose control of their bank account,” said the police.  Although reports of computer fraud are skyrocketing, the same cannot be said for the statistics on legal proceedings and convictions for this type of crime. According to data provided by the judiciary, in 2024 there were only 85 trials, in which 44 people were acquitted and 41 received sentences, most of them suspended, although seven people were also sentenced to between five and fifteen years in prison. 

In other news, Costa Rica detained two young folk in the killing of a U.S. citizen.  The Judicial Investigation Agency (OIJ) has arrested two suspects in connection with the murder of an American businessman Eshraghollah Vatani. Vatani was reported missing in Quepos and was tragically found dead days later in Cartago.  A 21-year-old man, identified as Carrier and a 17-year-old girl are believed to be responsible for the murder of the 71-year-old U.S. citizen. Authorities also seized marijuana and several cell phones. According to the judicial report, robbery appears to have been the motive. Vatani visited several stores and stayed at a hotel in downtown San José. The following day, he traveled to Heredia, where he reportedly disappeared. Vatani was carrying $18,000, credit cards, which were used in multiple stores to make purchases totaling $10,000, and a vehicle that has yet to be recovered. OIJ investigations suggest that the 17-year-old girl allegedly lured Vatani to a house in Mercedes Norte, Heredia. Four additional individuals, aged 18, 19, 21, and 24, were arrested for using Vatani’s bank cards. Though later released, they remain linked to the investigation and may provide valuable information regarding the crime.