Detecting brand impersonation in Spanish SMS — the position trick

Mediavox — Mon, 22 Jun 2026 23:06:04 +0000

Detecting brand impersonation in Spanish SMS — the position trick

Phishing in Latin America has a pattern most detection systems miss: where the brand name appears in the message matters.

The insight

In legitimate bank notifications, the brand appears at the end as a signature:

Su transferencia por $500,000 fue exitosa. — Tu Banco

In phishing, the brand appears at the beginning as a fake sender identity:

Tu Banco: Su cuenta sera bloqueada en 24h. Verifique: bit.ly/xyz

This single heuristic (brand at position 0-2 words = impersonation pattern) catches ~70% of LATAM phishing messages before any URL analysis.

Implementation (simplified)

public static bool IsBrandImpersonation(string message, string[] knownBrands)
{
    var firstSegment = message.Split([' ', ':', '-'], 3)[0].ToLowerInvariant();
    return knownBrands.Any(b => 
        firstSegment.Contains(b.ToLowerInvariant()));
}

Real implementation adds:

Levenshtein distance for typosquatting ("Banamex" → "Banamx", "Nequi" → "Nequii")
Alias matching (263+ brands across CO, MX, PE, CL, EC, AR)
Position scoring (start = 0.9, middle = 0.3, end/signature = 0.1)

Combining with other signals

Brand position alone isn't enough. We stack 7 signals in a single pass:

Signal	Weight	Cost
Brand at start (impersonation)	0.25	Free
Domain age < 7 days	0.20	1 RDAP call
URL shortener → suspicious domain	0.20	1 redirect follow
Spanish urgency language	0.15	Free (regex)
Safe Browsing match	0.10	1 API call
Phone number not official	0.05	DB lookup
CTA pattern detected	0.05	Free (regex)

Combined confidence > 75% = fraudulent verdict.

Results

Processing 10K+ real messages (crowdsourced from users across LATAM):

94% accuracy on fraudulent messages
2% false positive rate (legitimate marketing that starts with brand)
< 200ms p95 response time

The false positives are almost always marketing SMS that mimic phishing patterns — which is a problem for the brands themselves.

Try it

curl -X POST https://mediavox.co/mvapi/api/v1/security/threats/analyze \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-key" \
  -d '{"message": "TuBanco: Detectamos actividad inusual. Verifica tu cuenta: bit.ly/tb-verify"}'

Free tier: 500 analyses/month. No credit card.

We built this for Latin America because English-focused tools don't understand Spanish urgency patterns, regional brand aliases, or the specific phishing templates used in CO/MX/PE/CL. If you're building for LATAM, happy to chat about what we've learned.

Building a fraud detection and data quality API for Latin America

Mediavox — Mon, 08 Jun 2026 19:50:00 +0000

If you've built anything for Latin America, you know the pain:

2M+ phishing SMS per month in Colombia alone — in Spanish, targeting local banks and fintechs
Names like "INVERSIONES DEMO S.A.S." that need to be split into company name + legal suffix + country
Addresses like "Cra 7 # 32-16 Of 2301" that geocoding services can't parse without local context
Phone numbers with country codes that don't match the user's declared country
Sanctions screening that can't fuzzy-match "José García" vs "JOSE GARCIA LOPEZ" (accents, middle names, order)

The existing tools (phone validators, safe browsing APIs, breach databases) work for the US. They don't understand that a brand name at the start of an SMS is an impersonation pattern in LATAM, or that "S.A.S." means the input is a Colombian company, not a person.

What we built

A REST API designed for Spanish-speaking Latin America. Five capabilities under one API key:

1. Security — Detect fraud in real time

The biggest pain in LATAM right now. Phishing via SMS, WhatsApp, and email targeting banks, telcos, and fintechs.

# Analyze a suspicious message
curl -X POST https://mediavox.co/mvapi/api/v1/security/threats/analyze \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-key" \
  -d '{"message": "Su cuenta sera bloqueada. Verifique en bit.ly/xyz"}'

Response:

{
  "verdict": "fraudulent",
  "confidence": 95,
  "signals": {
    "urgencyScore": 0.85,
    "brandDetected": true,
    "urlAnalysis": {
      "finalDomain": "entidad-verify.tk",
      "domainAgeDays": 3,
      "safeBrowsing": "malicious"
    },
    "phones": [],
    "ctaFound": true
  }
}

What it checks in a single call:

263+ LATAM brands with impersonation detection (position-aware: brand at start = sender pattern)
Domain age via RDAP (domains < 7 days = almost always fraud)
Redirect chain resolution (follows bit.ly → final destination, up to 10 hops)
Safe browsing check (known malicious domains database)
Urgency patterns in Spanish ("será bloqueada", "últimas horas", "activa ya")
Phone extraction with official number verification
CTA detection (suspicious call-to-action patterns)

Also available: sanctions screening (OFAC, UN, EU, PEP — 65K+ entities with Spanish fuzzy matching), brand registration for monitoring, and a crowdsourced threat feed that grows with every analysis.

2. DataTools — Clean your data

Every company in LATAM has dirty data. Names misspelled, emails that bounce, addresses that geocoding services can't understand.

# Standardize a name (handles Spanish, 60K+ dictionary)
curl -X POST https://mediavox.co/mvapi/api/v1/datatools/names/standardize \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-key" \
  -d '{"text": "INVERSIONES DEMO S.A.S."}'

Response:

{
  "standardized": "Inversiones Demo",
  "type": "company",
  "company_info": {
    "legal_suffix": "SAS",
    "legal_suffix_full": "Sociedad por Acciones Simplificada",
    "country_detected": "CO"
  }
}

Available endpoints:

names/standardize — 60K+ name dictionary, gender detection, legal suffix separation for 6 countries (CO, MX, PE, CL, EC, AR)
emails/validate — disposable detection, typo correction, MX record verification
addresses/standardize — Colombian address parsing + geocoding + DANE/INEGI/UBIGEO official codes
domains/validate — brand identification, DNS resolution, registration data
quality-score — cross-field coherence (email vs name, phone prefix vs country, disposable email with real data)

3. Compliance — KYC in one call

If you're a fintech, bank, or insurance company in LATAM, regulatory compliance isn't optional. Sarlaft (Colombia), UIF (Mexico), SBS (Peru) all require screening.

# Screen an entity against global sanctions lists
curl -X POST https://mediavox.co/mvapi/api/v1/security/sanctions/check \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-key" \
  -d '{"name": "Jose Garcia Lopez", "country": "CO"}'

Screens against OFAC, UN, EU, Interpol, and local PEP lists. Spanish fuzzy matching handles accents, name order variations, and abbreviations.

The compliance bundle (one call) combines: sanctions check + name standardization + document ID validation + quality score.

4. Finance — LATAM tax and banking

# Validate a Colombian tax ID (NIT)
curl -X POST https://mediavox.co/mvapi/api/v1/finance/tax-id/validate \
  -H "Content-Type: application/json" \
  -H "X-API-Key: your-key" \
  -d '{"document_id": "900534082", "country": "CO"}'

Validates tax IDs (NIT Colombia, RFC Mexico, RUT Chile, RUC Peru, RUC Ecuador), verifies bank account formats, and categorizes financial transactions.

5. Recognition — OCR with structure

Extract text from documents (invoices, IDs, contracts) with computer vision, then apply NER to pull structured entities: tax IDs, amounts, dates, company names, addresses.

How it works under the hood

Three things make this different from wrapping existing APIs:

1. Self-improving dictionaries. The more the API is used, the more accurate it becomes. Day one: 90%+ accuracy on names, cities, and brands across 6 LATAM countries. With traffic: approaches 99% as the system learns from every request.

2. Native Spanish NLP. Not a translation layer on top of English tools. Built from scratch for ñ, accents, regional variations, and the specific patterns of Latin American fraud (urgency language, impersonation positions, local brand aliases).

3. Crowdsourced intelligence. A free public bot (WhatsApp + Telegram) lets citizens verify suspicious messages. Every analysis enriches the threat feed. Every report strengthens detection. API customers benefit from intelligence generated organically by real users — without lifting a finger.

Beyond the API — The full ecosystem

mediaAPI is one piece. The same platform offers three more products for different use cases:

Turing AI — Embeddable AI assistant

Drop an intelligent chatbot into any website with one script tag. It connects to your actual data (CRM, invoices, inventory) and answers questions with real numbers — not generic AI responses.

<script src="https://mediavox.co/mvai/mediavox-turing.js?v=2.5" 
        data-key="your-key" data-theme="light"></script>

Features: RAG with your own content, function calling against your database, multi-tenant (one setup, many clients), feedback loop that improves over time. Supports Spanish natively.

Use case: Your customer asks "When is my next payment due?" → Turing queries your billing system and answers with the actual date and amount.

DocumentPower — Document intelligence

Upload contracts, invoices, IDs, or any document. The system extracts structured entities (amounts, dates, tax IDs, names, companies) using NER, then indexes everything for semantic search.

# Upload and extract entities
curl -X POST https://mediavox.co/mvai/api/v1/documents/upload \
  -H "X-Turing-Key: your-key" \
  -F "file=@contract.pdf"

# Search across all your documents
curl "https://mediavox.co/mvai/api/v1/documents/search?query=penalty+clause"

Use case: A compliance team uploads 500 supplier contracts. Later, they search "penalty clauses above $10K" and get instant results with page citations.

Sales Copilot — AI for field sales via WhatsApp

A sales rep sends a WhatsApp voice note or text: "Send 5 boxes of motor oil to Store #47". The AI identifies the product, the client, checks inventory and pricing, and creates the order — no app needed.

Built for LATAM distribution (TAT/retail channel). Handles Spanish product synonyms, voice transcription, and integrates with existing ERP inventory.

Use case: 900 sales reps × 30 daily store visits = 27,000 orders/month processed by AI, zero manual data entry.

n8n integration

If you use n8n, there's a community node:

npm install n8n-nodes-mediavox

48+ operations across all products. Drop it into any workflow — validate data before loading to your CRM, screen suppliers against sanctions lists, detect fraud in incoming messages. No code required.

Pricing

Free tier available (no credit card required). Paid plans for higher volume. Check the developer portal for current pricing.

Try it

Register at the developer portal (10 seconds, no credit card)
Get your API key
Start calling endpoints

The interactive playground lets you test every endpoint with your own data before writing a single line of code.

DEV Community: Mediavox

Detecting brand impersonation in Spanish SMS — the position trick

Detecting brand impersonation in Spanish SMS — the position trick

The insight

Implementation (simplified)

Combining with other signals

Results

Try it

Building a fraud detection and data quality API for Latin America

What we built

1. Security — Detect fraud in real time

2. DataTools — Clean your data

3. Compliance — KYC in one call

4. Finance — LATAM tax and banking

5. Recognition — OCR with structure

How it works under the hood

Beyond the API — The full ecosystem

Turing AI — Embeddable AI assistant

DocumentPower — Document intelligence

Sales Copilot — AI for field sales via WhatsApp

n8n integration

Pricing

Try it