Cyber Fraud in Costa Rica
Online fraud has become one of the fastest-growing crimes in Costa Rica. Every year, more people and businesses fall victim to scams involving fake emails, cloned websites, or identity theft. Cybercriminals now use sophisticated techniques, including artificial intelligence, to trick users into sending money or disclosing sensitive data.
At CPG Legal, we help both residents and expats who have been affected by cyber fraud in Costa Rica. Our bilingual team assists victims in preserving digital evidence, contacting financial institutions, and filing criminal complaints with the authorities. Whether the loss comes from a phishing message, a hacked business account, or a cryptocurrency investment scheme, quick legal action makes all the difference.
Costa Rica has developed a solid legal framework to punish cybercrime, yet prevention remains the best protection. Understanding how these scams work—and what the law can do to stop them—is the first step toward protecting yourself and your business.
What is Cyber Fraud?
Cyber fraud refers to any illegal act carried out through computers, mobile devices, or the internet with the intention of deceiving someone for financial gain. It includes activities such as manipulating information systems, accessing confidential data without authorization, or impersonating legitimate companies and individuals online.
Unlike traditional fraud, which often requires direct personal contact, cyber fraud operates across borders and can happen in seconds. A single email or link may be enough for a victim to lose access to their bank account or private files. In Costa Rica, these crimes are considered delitos informáticos under the national Criminal Code, and they can be prosecuted even when the offenders are abroad.
Typical Forms of Cybercrime:
Phishing and spoofing: fake messages designed to obtain passwords or credit card numbers.
Business Email Compromise (BEC): when scammers pose as executives or suppliers to redirect company funds.
Identity theft: using someone’s personal information to access accounts or open loans.
Investment and cryptocurrency scams: promising unreal profits to attract victims.
Sextortion and blackmail: threatening to publish private images or data unless money is paid.
Online grooming: targeting minors through social media and messaging apps.
Cyber fraud exploits trust, technology, and human behavior. Many schemes begin with small tricks—an urgent message, a convincing invoice, or a friendly contact—and end in major financial losses.
Common Types of Cyber Fraud in Costa Rica
Cyber fraud can take many forms. Criminals constantly adapt their tactics to new technologies, payment systems, and social networks. Below are the most common types of cyber fraud that affect residents and foreign investors in Costa Rica.
Phishing and Spoofing
Phishing is one of the oldest and most common forms of cyber fraud in Costa Rica. Scammers send emails, text messages, or WhatsApp links pretending to be from a trusted institution such as a bank or delivery company. The message looks real and urges the victim to click a link or share a password.
Once the victim responds, the attackers gain access to accounts, transfer funds, or steal personal data. Spoofing works in a similar way, but the fraudster manipulates the sender information to make the message appear legitimate. Many victims report that the message even includes the correct logo or phone number of their bank.
Phishing is dangerous because it relies on trust. A single click or reply can be enough to compromise an entire account.
Business Email Compromise (BEC)
BEC scams target companies, suppliers, and executives. Criminals hack or imitate business email accounts to trick employees into sending money to fake bank accounts.
In Costa Rica, this type of fraud often affects real estate agents, law firms, and importers who work with international transfers. The attacker monitors legitimate correspondence and then sends a fake message at the right time, changing the bank details for the deposit.
To prevent BEC scams, companies should use two-factor authentication and verify payment requests by phone before wiring money. When detected early, banks can sometimes freeze or reverse the transfer, but time is critical.
Cryptocurrency and Investment Scams
Investment fraud has become increasingly sophisticated. Many websites or social media ads promise high profits from cryptocurrency trading, mining operations, or offshore investments. Victims are asked to send an initial payment, and at first they see fake returns. Once they try to withdraw their profits, access to the platform disappears.
In Costa Rica, these scams often involve foreign websites or agents operating through messaging apps. Because they use crypto wallets and unregulated exchanges, recovering funds becomes complex. However, when deception and false information are involved, victims may file a criminal complaint for fraud or cybercrime.
Online Casino and Gambling Scams:
Online casinos and betting platforms are a common source of cyber fraud in Costa Rica. Many of these websites operate without proper authorization, promising high returns or easy withdrawals. Once players deposit their money, access is often blocked, and the platform disappears.
Under Costa Rican law, games of chance and bets are considered aleatory contracts. Article 1409 of the Civil Code states that the law does not grant a right of action to claim winnings from any kind of game, but it allows the loser to recover what was paid if fraud can be proven. This exception is key when a supposed “casino” or “sports betting” site uses deception or manipulation to obtain money.
In other words, ordinary gambling losses cannot be recovered through a lawsuit—but fraudulent schemes disguised as online casinos can be pursued as cyber fraud. Victims are entitled to file a criminal complaint for deceit or computer fraud, and our firm assists in tracing digital payments, cryptocurrency wallets, and cross-border operators.
Identity Theft and Data Breaches:
Identity theft happens when someone uses another person’s information—such as a passport number, ID, or account credentials—to open loans, steal funds, or impersonate them online.
Costa Rican law protects personal data, and using someone else’s identity for profit constitutes a criminal offense.
Sextortion and Blackmail
Sextortion is a form of cybercrime where the attacker threatens to publish intimate photos, videos, or private information unless the victim pays money. Sometimes the material is real; other times it is fabricated using stolen images or deepfake technology.
These cases can cause severe emotional distress, and many victims hesitate to report them out of fear or shame. It is essential to act quickly, preserve all messages, and contact both the police and a lawyer. Costa Rican authorities treat these acts as serious crimes involving extortion and violation of privacy.
Grooming and Risks to Minors
Although most cyber fraud targets adults, minors are also at risk online. Grooming occurs when an adult uses social networks or messaging apps to gain the trust of a child with harmful intentions. It often begins as friendship and later turns into manipulation, blackmail, or exploitation.
Parents should monitor online interactions and teach children not to share personal information or images. Costa Rican law strongly protects minors against any form of online exploitation, and authorities encourage prompt reporting of suspicious behavior.
A Growing and Evolving Threat
Cyber fraud evolves constantly. A single crime can combine several techniques—such as phishing, identity theft, and crypto manipulation—to maximize profit. Because many operations originate outside the country, international cooperation and timely legal action are vital.
Understanding these schemes helps individuals and businesses stay alert and avoid becoming victims. Awareness, prevention, and prompt legal guidance are the best defenses against cybercrime in Costa Rica.
Legal Framework in Costa Rica
Costa Rica has a modern and well-structured legal framework to investigate and punish cyber fraud. The country recognizes that digital crimes threaten both individuals and the economy, so several laws have been updated to address these new risks.
The Costa Rica Criminal Code:
The Criminal Code includes specific offenses known as delitos informáticos or computer crimes. These provisions protect privacy, information systems, and data integrity. Key articles establish criminal liability for unauthorized access, data interception, identity theft, and online fraud.
Among the most relevant offenses are:
Computer espionage and data theft: accessing private or corporate systems without authorization.
Computer sabotage: damaging or altering files, programs, or networks.
Electronic fraud: manipulating digital data or communication systems to obtain money or benefits.
Violation of personal data: collecting or transferring personal information without consent.
These crimes can carry penalties of several years in prison. In addition, aggravating factors apply when public institutions, banks, or minors are affected.
International Cooperation and the Budapest Convention
Because cyber fraud often crosses borders, Costa Rica joined the Budapest Convention on Cybercrime, an international treaty that promotes cooperation between countries. This agreement helps investigators share digital evidence, freeze assets, and locate offenders abroad.
For victims, this means that even if the perpetrator is located outside Costa Rica, the authorities can request assistance through international channels. The treaty has proven essential in cases involving cryptocurrency, offshore websites, and online investment schemes.
Civil Law and Recovery of Losses
While most cybercrimes are handled through criminal courts, civil law also provides mechanisms for compensation when fraud or deception is proven. For example, as seen in Article 1409 of the Civil Code, ordinary gambling losses cannot be reclaimed, but fraud makes an exception.
In practice, this principle extends to any digital transaction where deceit, manipulation, or false representation occurs. Victims can seek restitution of funds through both criminal and civil proceedings. CPG Legal guides clients through the process to recover what was lost and hold those responsible accountable.
Data Protection and Privacy Rights
Costa Rica also recognizes the right to personal data protection. The Law on the Protection of Persons Regarding the Processing of Their Personal Data (Law No. 8968) establishes rules for collecting and using information. Organizations must handle personal data securely and respect consent.
If a person’s digital privacy is violated, or if their information is misused to commit fraud, legal action can be taken both under this law and under the Criminal Code.
Digital Evidence and Judicial Procedure
Courts now accept digital documents, emails, and chat records as valid evidence. For this reason, preserving electronic proof is essential when a crime occurs. Screenshots, transaction receipts, and communication logs help establish the chain of events.
The judiciary has specialized units and prosecutors who focus exclusively on cybercrime. Their collaboration with the Organismo de Investigación Judicial (OIJ) ensures that digital forensics follow international standards.
Practical Impact for Victims
The legal system in Costa Rica provides real protection, but the process depends on timely action. Reporting the incident early helps prevent further damage and increases the chances of identifying those responsible.
At CPG Legal, we help victims prepare the necessary documentation, coordinate with banks and police, and represent them through every stage of the investigation. Our bilingual team ensures that foreign residents and companies receive clear guidance and follow the correct legal channels.
What To Do If You´ve Been Targeted
Discovering that you’ve been the victim of cyber fraud can be stressful. The most important step is to act quickly and protect your data and money before further damage occurs. Here are the essential steps to follow if you suspect that you have been targeted.
1. Stop All Communication
If you receive suspicious messages or realize you are being scammed, stop replying immediately. Do not send any more money, documents, or personal information. Scammers often use emotional pressure or fake emergencies to make victims act fast. Staying calm is crucial.
2. Preserve All Evidence
Keep every message, email, or document related to the incident. Take screenshots, save transaction receipts, and record phone numbers or usernames used by the fraudster. Never delete the evidence, even if you feel embarrassed or angry. This information will be vital for the police and your lawyer to trace the crime.
3. Contact Your Bank or Payment Provider
If you made a transfer or used a credit card, call your bank immediately. Request that the account or card be frozen and report the transaction as fraudulent. Banks in Costa Rica can sometimes block or reverse payments if notified promptly. The faster you act, the better the chance of recovering your funds.
4. Change Passwords and Secure Your Accounts
Change the passwords of your email, social media, and online banking accounts. Use strong combinations of letters, numbers, and symbols, and avoid reusing old passwords. Enable two-factor authentication (2FA) wherever possible. This will prevent further unauthorized access to your accounts.
5. File a Criminal Complaint
Cyber fraud is a crime in Costa Rica. Victims can file a complaint (denuncia) with the Organismo de Investigación Judicial (OIJ) or the Public Prosecutor’s Office (Fiscalía). If you are a foreign resident, you can also file the complaint through your lawyer. The report should include all available evidence—screenshots, communications, and receipts—so investigators can trace the perpetrators.
6. Inform Your Lawyer as Soon as Possible
An attorney can help you structure the complaint properly and determine whether additional legal actions—civil or criminal—are possible. At CPG Legal, we assist clients in preparing complete documentation, coordinating with banks, and protecting their rights throughout the investigation.
7. Alert Others
If the scam involves a public website, fake company, or social media account, report it to the platform and warn others. Sharing information helps prevent new victims and gives law enforcement more leads.
Additional Tips
Never share passwords or one-time codes with anyone.
Verify website addresses before logging in or paying online.
Be cautious with “investment opportunities” that guarantee profits.
Remember that government institutions and banks never ask for personal data via email or WhatsApp.
Staying vigilant and informed is the best defense. Even when a loss occurs, quick reporting and legal guidance can minimize the damage and sometimes lead to partial recovery.
How CPG Legal Can Help Victims of Cyber Fraud in Costa Rica:
At CPG Legal, we understand how overwhelming cyber fraud can be. Our firm represents both local and foreign clients who have lost money, data, or property through online scams. Each case requires a careful balance of technology, law, and strategy — and that’s where our experience makes the difference.
Legal Guidance From the Start
Our attorneys provide clear, step-by-step legal advice from the moment you contact us. We review your situation, identify the type of cyber fraud involved, and explain what actions can be taken under Costa Rican law. Whether the case involves phishing, business-email compromise, or online gambling fraud, we outline the options available and the possible outcomes.
Preparing and Filing the Criminal Complaint
We help you file a detailed complaint (denuncia penal) with the Organismo de Investigación Judicial (OIJ) or the Public Prosecutor’s Office (Fiscalía). This document must include all relevant facts and evidence to initiate the investigation. Our bilingual team ensures that every detail is properly translated and formatted for local authorities.
Coordination With Banks and Financial Institutions
Many cases of cyber fraud in Costa Rica involve wire transfers, crypto exchanges, or fake payment platforms. We work directly with banks to freeze or trace funds whenever possible. In certain situations, we can also request international cooperation to track cross-border transactions.
Evidence Preservation and Digital Forensics
Digital evidence is fragile. Screenshots, emails, and chat logs can be deleted or altered if not preserved correctly. We coordinate with forensic experts who secure digital proof according to international standards, maintaining the chain of custody required by the courts.
Civil Recovery Actions
In addition to the criminal process, victims may pursue civil claims to recover their losses. If fraud or deception is proven, the responsible party can be ordered to compensate damages. Our firm manages both criminal and civil strategies, ensuring that all legal avenues are covered.
Support for Expats and Foreign Investors
Many of our clients are expatriates, investors, or retirees who conduct financial transactions online. Our bilingual service ensures full understanding of every step in the process — from filing reports to court representation. We explain your rights in plain English and handle all interactions with Costa Rican authorities on your behalf.
Frequently Asked Questions about Cyber Fraud in Costa Rica
Can foreigners file a cyber fraud complaint in Costa Rica?
Yes. Foreign residents and visitors can file a complaint for cyber fraud in Costa Rica. The process is handled by the Organismo de Investigación Judicial (OIJ) or the Fiscalía. If you are not fluent in Spanish, your lawyer can prepare and submit the complaint on your behalf. CPG Legal regularly represents expats and foreign investors in these cases.
Can money lost to online scams be recovered?
It depends on the situation. When banks or payment platforms act quickly, transfers can sometimes be frozen or reversed. If there is clear evidence of deception, victims may also seek civil compensation. However, time is critical — the sooner the fraud is reported, the greater the chances of recovery.
Are online casino scams punishable under Costa Rican law?
Yes, when fraud is involved. While ordinary gambling losses are not recoverable under Article 1409 of the Civil Code, online casinos that deceive users fall under cyber fraud. Victims can pursue legal action when the site uses manipulation, false promises, or fake withdrawal systems.
How long does a cyber fraud investigation take?
Each case is different. Complex cases involving multiple accounts or international transfers may take a long time. Our firm maintains direct communication with the authorities and keeps clients informed of every development.
What should I do first if I suspect I´m a victim?
Stop communication with the scammer, preserve all messages and documents, and contact your bank immediately. Then consult an attorney familiar with cyber fraud in Costa Rica. Early legal action is the most effective way to protect your rights and recover your assets.
Is cybercrime common in Costa Rica?
Unfortunately, yes. Cyber fraud cases have increased sharply, affecting individuals, companies, and even public institutions. The rise of online banking, cryptocurrency, and digital payments has created new opportunities for criminals. That is why prevention, education, and fast legal action are essential.
Your Case Deserves Action
If you believe you are a victim of cyber fraud in Costa Rica, do not wait. Time is essential to trace digital operations and secure your rights. CPG Legal is ready to assist you with experience, integrity, and discretion.
Dr. Christopher Pirie.