| Reported: 25th September 2025 | Location: Costa Rica |
Security Incident. Last week it was reported that in 2025, virtual kidnapping scams have escalated in Costa Rica, with 26 reported cases from January to July, primarily targeting workers from small home-service businesses. Criminals lure victims to remote locations under the guise of client meetings, then use threats via video calls to extort ransoms from families without any physical abduction. Authorities note a sharp increase, with nine incidents in June and eleven in July, concentrated in urban areas like San José.
Fig 1- Costa Rica Kidnap and Ransom Brief with Country Risk Indicators (Neptune P2P Group Travel Risk Management App), and Global Risk Map, Q2 2025 (Neptune P2P Group). Kidnapping Case Reference: Carla Stefaniak, U.S. Citizen inCosta Rica (NBC News).
Comment. Virtual kidnapping involves sophisticated extortion tactics where criminals fabricate an abduction scenario through psychological manipulation, without inflicting any physical harm or actual captivity. In these schemes, perpetrators scour social media for advertisements from small businesses then pose as clients to arrange meetings in isolated locations. Upon arrival, victims receive video calls from foreign numbers claiming they have entered restricted zones, with threats of surveillance or immediate danger to obtain family contacts; screenshots or videos are sent to relatives to demand swift ransoms via bank transfers or mobile payments, exploiting panic to secure funds while the victim remains immobilised. This trend forms part of a broader surge in extortion crimes, with nearly 800 related reports in the first seven months of 2025, including 464 ‘gota a gota’ illegal loan extortions and 257 sextortion incidents, affecting diverse age groups and social classes across the provinces. Comparable cyber-enabled extortion methodologies have proliferated throughout Latin America, often originating from penal institutions in countries like Mexico and Colombia, where similar ruses target foreign businesses, tourists and expatriates, prompting advisories from organisations such as the US State Department for heightened vigilance.
On a worldwide scale, virtual kidnapping aligns with emerging trends in AI-augmented scams, including deepfake-assisted schemes reported in the United States and United Kingdom. INTERPOL have documented the globalisation of human trafficking-fuelled scam centres, and global online payment fraud losses reaching 44.3 billion USD in 2024, projected to exceed 107 billion USD by 2029, illustrating how increased digital connectivity amplifies vulnerabilities for businesses universally. This expanding escalation, exacerbated by institutional challenges such as outdated legal frameworks and shortages in cybersecurity expertise, underscores the pressing need for enhanced security risk management to safeguard against these unpredictable threats.
Assessment. Incidents like the Costa Rica virtual kidnapping surge often arise from criminals shifting to lower-risk, high-reward modalities that exploit digital footprints and institutional gaps, a pattern increasingly seen in urban centres worldwide. Organisations must prioritise comprehensive security risk management frameworks, starting with employee training on recognising social engineering tactics, such as verifying client identities before remote meetings and establishing safe words for emergency verification. Implementing policies for secure digital hygiene – like limiting personal data in online advertisements and using multi-factor authentication – further reduces exposure, while developing incident response protocols ensures calm, coordinated actions during threats. On a global scale, businesses deploying personnel to emerging markets should integrate these measures into broader duty of care strategies, fostering resilience through proactive intelligence sharing and emergency alert systems to navigate rising urban uncertainties.
