Infonavit warns of digital scams involving fake emails
The National Workers' Housing Fund Institute (Infonavit) issued an official alert on May 28, 2026, regarding a rise in digital fraud schemes that use the agency's name to deceive beneficiaries. As reported by Xataka México, scammers are sending fake emails to impersonate the institution, harvest sensitive information, and illicitly charge for services that are, by regulation, completely free of charge.
The agency noted that these attacks tend to intensify during two specific times of the year: holiday seasons and the Christmas period. Criminals pose as Infonavit employees to promise fake solutions to mortgage issues or to facilitate the withdrawal of savings from the Housing Subaccount—a promise that has no legal basis.
According to information cited by El Financiero and released by the agency, scammers primarily operate through three deceptive schemes. First, they offer to cash out Housing Subaccount savings in exchange for a commission. Second, they promise unemployment insurance or payment relief in exchange for an upfront fee. Finally, they request payments to register workers on the "Mi Cuenta Infonavit" platform or to process a pre-qualification.
Infonavit emphasized that all of its services are free and that no employee has the authority to request money in exchange for handling paperwork. The agency clarified that it does not allow intermediaries to make payments, submit requests, or perform any other transactions on behalf of workers. Money accumulated in a savings account can only be withdrawn upon retirement or when formally applied toward an Infonavit mortgage loan.
To help identify fraud attempts, the agency highlighted that its official channels always use the "infonavit.org.mx" domain. The institution warned that official emails must come exclusively from accounts ending in "@infonavit.org.mx."
Infonavit urged users to carefully verify email addresses and websites before interacting. It is essential not to share passwords, social security numbers, or banking information via suspicious links. The institution reiterated that any official communication must come exclusively from its verified platforms, warning that scammers often use variations of their domain names to create a false sense of legitimacy.
