Cybercrime is hitting Costa Ricans hard, with scams and fraud becoming a daily reality for many. An average of 38 people fall victim to electronic scams every day, a number that’s climbing fast. Between 2020 and 2024, banking cyber fraud cases skyrocketed by 668%, and experts warn 2025 could set a new record. If trends hold, Costa Rica might see around 13,635 cases by year-end, nearly double the 2024 total.
“This is organized crime,” says Esteban Jiménez, a cybersecurity expert and founder of ATTI Cyber in Costa Rica. “We’re seeing a professionalized form of crime with local players entrenched in the country.”
Cybercriminals are targeting Costa Rica’s banking sector with alarming precision. They exploit stolen databases packed with personal details—names, IDs, birthdates, addresses, phone numbers, and even employment information. These databases, often leaked from financial institutions, fuel sophisticated scams like phishing emails and fraudulent text messages.
Jiménez points to a troubling trend: many scams now use local language and cultural cues, suggesting criminals are operating within Costa Rica or collaborating with local affiliates. A recent case in Cartago, where a man allegedly cloned a municipal website to steal ₡350,000, shows how homegrown these threats are becoming.
The Defensoría de los Habitantes, Costa Rica’s ombudsman, has raised alarms about the surge in electronic fraud, urging stronger government action. Posts on X echo this concern, with reports claiming a new cybercrime victim emerges every 38 minutes.
Costa Rica’s vulnerability stems partly from major cyberattacks in 2020 and 2022, which exposed weaknesses in its public systems. In 2020, the Maze group targeted institutions like the Bank of Costa Rica (BCR). Then, in 2022, the Russia-linked Conti group launched a devastating ransomware attack on nearly 30 government bodies, including the Ministry of Finance and the Costa Rican Social Security Fund (CCSS).
The Conti attacks, starting April 17, 2022, crippled tax and customs systems, costing the economy millions daily. Conti demanded a $10 million ransom, later doubled to $20 million, and even called for the government’s overthrow. Costa Rica refused to pay, declaring a national emergency—the first time a country did so over a cyberattack.
Just weeks later, the Hive group struck the CCSS, forcing the public health system offline. Medical records and appointment systems collapsed, and at least 30 of 1,500 servers were compromised. Jiménez noted that rural health centers shut down, and payroll for thousands of employees was delayed. These attacks signaled to cybercriminals worldwide that Costa Rica is an easy target. “The 2022 attacks set a precedent,” Jiménez explains. “They showed our systems are fragile, and criminals have been exploiting that ever since.”
Behind these scams are global criminal networks with complex structures. Some groups steal and sell data, while others execute attacks. They’re constantly expanding, recruiting new members, and targeting countries with weak defenses. In Costa Rica, phishing campaigns and malicious messages often mimic local communication styles, a sign of growing domestic involvement.
The Conti group, for instance, used tools like Cobalt Strike to infiltrate systems as early as February 2022, stealing terabytes of data and locking servers. Their attacks disrupted trade, healthcare, and tax collection, with losses estimated at $500 million for a nation of 5 million. Recent incidents, like the 2024 ransomware attack on RECOPE, Costa Rica’s state-run energy company, show the threat persists. The RansomHub group, accessing systems via a phishing email, disrupted operations for days.
Costa Rica isn’t standing still. Since 2022, the government has bolstered cybersecurity, backing up critical data and working with allies like the U.S., Spain, and Israel. The U.S. State Department’s FALCON program, tested during the RECOPE attack, deployed experts within 36 hours. Jiménez urges stronger awareness and training. “Phishing is the top way criminals get in,” he says, noting that 95% of breaches tie to human error. He calls for better reporting channels and public education to spot scams early.
The government is also pushing for specialized cybercrime units. Experts argue that a dedicated police force, better laws, and mandatory attack reporting could curb the rise in fraud.
With cybercrime showing no signs of slowing, Costa Ricans face a tough road ahead. The banking sector, public institutions, and everyday citizens remain prime targets. Jiménez warns that without aggressive action, the country risks falling further behind. “This isn’t just an IT problem—it’s a national security issue,” he says.
For now, staying vigilant is key. Check emails and texts carefully, avoid public Wi-Fi for sensitive transactions, and report suspicious activity fast. Costa Rica’s fight against cybercrime is just beginning, and it’s one the whole country needs to join.
