Peru’s financial regulators have reported a surge in “wangiri” scams—known locally as “llama y corta”—with victims losing an average of $500 per incident, according to local media reports. The scams exploit a simple but effective social engineering trick: fraudsters call repeatedly from international numbers, often with a brief ring followed by disconnection, to trigger return calls that incur premium-rate charges.
Key Points
- The scam works by luring victims into calling back unknown international numbers, where per-minute charges can exceed $2 per call.
- Peru’s Superintendencia del Mercado de Valores (SMV) and consumer protection groups warn the tactic is evolving, now including fake “customer service” calls mimicking banks and telecom providers.
- Victims in Lima and Arequipa have reported losing between $300 and $1,200 after falling for the scheme, per public statements from anti-fraud organizations.
- Similar scams—dubbed “quishing,” “smishing,” and “vishing”—are rising globally, with Peru ranking among the top 10 countries targeted by such fraud, according to cybersecurity reports.
How the “Llama y Corta” Scam Works—and Why It’s Hard to Stop
The “llama y corta” (call and hang up) scam relies on a psychological trigger: curiosity. Fraudsters use automated dialers to call victims from international numbers, often with a single ring before disconnecting. The goal is to prompt the victim to call back, believing it might be a legitimate inquiry or an emergency. Once the victim returns the call, they’re connected to a premium-rate line—sometimes routed through international gateways—that charges $2 to $5 per minute.
According to a Panda Security analysis, the scam has adapted over time. Early versions used generic international prefixes like +44 (UK) or +34 (Spain), but newer campaigns now spoof local numbers or impersonate trusted entities. In Peru, fraudsters have mimicked calls from Banco de Crédito del Perú or Claro, the country’s largest telecom provider, to bypass skepticism.
Telecom regulators in Peru have struggled to block the numbers quickly, as the scammers frequently rotate phone lines and use Voice over IP (VoIP) services to obscure their origins. “By the time we identify a pattern, the fraudsters have already moved to new numbers,” said a source from the Organismo de Supervisión de Inversión Privada en Telecomunicaciones (OSIPTEL).
Why Peru Is a Hotspot for These Scams—and How Victims Can Protect Themselves
Peru’s rapid adoption of mobile banking—now used by over 60% of adults, per Central Reserve Bank data—has created fertile ground for such scams. Unlike traditional credit card fraud, these schemes exploit behavioral psychology rather than technical vulnerabilities, making them harder to detect with automated filters.
Local cybersecurity experts recommend three immediate steps to avoid falling victim:
- Never call back unknown numbers. Legitimate organizations will not leave a single ring and disconnect.
- Use call-blocking apps. Services like Truecaller or Hiya can flag suspicious international prefixes.
- Check for premium-rate warnings. Peru’s OSIPTEL provides a list of known scam numbers on its website.
For businesses, the rise of “vishing” (voice phishing) underscores the need for multi-layered fraud detection. Banks like Interbank have started integrating AI-driven call analytics to detect anomalies in voice patterns, but smaller financial institutions remain vulnerable.
Global Trends: How Peru Compares to Other Regions
While Peru’s “llama y corta” scams are particularly aggressive, the tactic is part of a broader wave of voice-based fraud. In the U.S., the Federal Trade Commission reported over $36 million lost to similar schemes in 2023, with victims often targeted via robocalls. In Europe, fraudsters have exploited the EU’s Roaming Like at Home policy to mask international charges, according to European Consumer Centre reports.
A key difference in Peru is the use of local number spoofing, which reduces distrust compared to obvious international prefixes. “The fraudsters are getting smarter by blending into the local calling ecosystem,” said a cybersecurity analyst from Kaspersky Lab in Lima. “This makes it harder for traditional call-blocking tools to keep up.”
What’s Next: Can Regulators Keep Up?
Peru’s telecom regulator, OSIPTEL, has proposed stricter penalties for carriers that fail to block known scam numbers, but enforcement remains inconsistent. Meanwhile, fraudsters are increasingly using encrypted messaging apps like WhatsApp to deliver phishing links, complicating tracking efforts.
In the short term, victims are advised to report suspicious calls immediately to their service provider and file complaints with OSIPTEL or the Public Ministry’s Cybercrime Unit. Long-term solutions may require collaboration between telecom companies, banks, and international organizations to standardize fraud detection protocols.
The scam’s persistence highlights a broader challenge: as technology evolves, so do the tactics of fraudsters. For now, the best defense remains vigilance—and a healthy dose of skepticism toward unsolicited calls.
