Highway Express Kidnapping: Challenges in Prevention, Resilience, and Post-Victimization
I am a security executive. I was kidnapped.
Every kidnapping experience is different, and each one is a complex event that exposes the vulnerabilities of the victims, their family members, and corporate security and financial protocols.
Perhaps if any single factor of my own experience had been something other than what it was, I might have been another statistic—another of the disappeared in Mexico.
The state where my kidnapping occurred boasts one of the highest rates of disappearances and discoveries of mass graves in Mexico—a stark contrast to the leisure associated with the international tourism industry in the same area.
This article chronicles my own kidnapping and how I managed to come out ahead. Certain names, locations, and other details have been modified; however, the verifiable data related to the incident can be found in the official complaint filed with the State Public Prosecutor’s Office.
Kidnapping incidents resonate even after the victim’s release, so this analysis also focuses on the events following the kidnapping. Unless you experience a similar event firsthand, it’s unlikely that you have truly considered what the aftermath for a survivor can look like: the complexity of the post-victimization process, and the return to a sense of normalcy.
This incident offers crucial experiences for those managing an organization’s executive security policy and corporate resilience to consider—especially if the organization ever operates in a high-risk environment.
Phase I: Before the Kidnapping
From the moment a company hires a new employee, a series of analyses begins. The analyses may suggest providing the new hire with a security briefing, making him or her aware of security recommendations for the areas where he or she will be working, especially if the area that is new to the employee. Depending on the employee’s risk factors and location, that briefing might include kidnapping awareness.
Ideally, kidnapping risk management starts early. Proactive security teams can take certain actions to mitigate risk:
- Gather crime trends in the region, such as the times of attacks, types of target vehicles, and affected passengers. Kidnappers generally look for lone targets or a maximum of two passengers—fewer victims can be more easily controlled.
- Limit the use of luxury vehicles, opting for ones without tracking systems.
- Ensure that vehicles used for transporting employees have at least three panic buttons. These should be located in points where the victim might be subdued or trapped, such as at the steering wheel, between the rear seats, and in the trunk.
- Monitor potential routes with geofencing. For the sake of potential kidnapping victims, include a way to verify conditions—such as different keywords to differentiate normal situations from those where someone is under duress.
- Utilize apps with high-crime incidence maps. Several applications provide maps of areas with high criminal incidence by region and risk times. It may be advisable to install one in vehicles used for executive-level transit, so security drivers can change routes based on risk levels.
Outside of the office, you might consider a family protocol or contingency plan involving the following: notifying members about departures and arrivals, especially when you are working outside of the family’s state or region of residency; sharing an image of your outfit and vehicle; leaving family phones secure in hotels when working in high-risk areas; using code words or phrases to discreetly notify security when a crisis has occurred; and limiting your exposure or purchases on certain platforms or websites.
When I was working in Reynosa, Tamaulipas, Mexico, our security department would provide a series of security recommendations to incoming European and U.S. personnel prior to their arrival. This practice ensured that from the moment they left the airport, the individuals were aware of prevention measures and would not be rapidly identified as a potential target for criminals. This included maintaining a low profile, being greeted by a designated person in clothing without company names or logos, planning transfers, and purchasing a local SIM card for an alternate cell phone—such that the employee’s personal phone could be left in the hotel’s safe deposit box. Other security measures touched on transportation, including switching cars while en route, and forgoing vehicles with installed tracking devices or bearing company logos.
But while preparedness is useful, the idea that prior planning can totally protect us from a threat is a fallacy.
Phase II: The Kidnapping
The attack was violent.
On a precise stretch of road without cell signal, a yellow vehicle with three armed subjects, faces covered, blocked the path of the company owned, luxury SUV I was alone in. The three fired shots in front of the vehicle while a second vehicle in the rear ensured that the SUV had no escape alternative. Just like a Formula 1 pit crew, the criminals had well-defined positions and responsibilities. Their aim was to minimize any reaction from a victim.
Their movements were surgical, transferring me to the seat behind the driver in the lead vehicle. They photographed my credentials and immediately sent them to someone to validate that the plan was proceeding as intended. Then I was beaten and threatened with firearms to force me to give the passwords for mobile bank accounts.
While one of the actors drove away in the SUV to an unknown location, the other two criminals—the driver and another next to me in the rear seat—got back in the yellow car. The criminal guarding me was an armed young man of barely 19 years old. Meanwhile, I was ordered to pretend to be asleep, and I hunched down in my seat.
While their attack was well coordinated, the criminals had not done their homework well, proving to be inexperienced—and that was fortunate for me. They failed to notice that I was traveling with two cell phones, taking only the expensive company iPhone and failing to find an extra phone on my left leg, which I tried to use to activate an alert.
During the brief periods when I was handed the iPhone to contact acquaintances and family, as well as my company, I also managed to send my location to key contacts, without the kidnappers immediately realizing what I was doing. Those key contacts include members of ASIS 311 Chapter, Corporate Security, who executed an impeccable crisis management response and are owed immense gratitude (but whose identities are protected for privacy), as well as active members of the Mexican armed forces.
On the drive, I was able to observe the landscape during what felt like an eternity but was roughly 40 minutes of travel on constantly changing roads. As the journey continued, the kidnappers drove through tollbooths, where, even when law enforcement was present, no one was suspicious about seeing someone seemingly asleep in the back seat. I wished for one of those annoying checkpoints that authorities used to place in risky areas, but there were none.
In the car, the young criminal next to me placed the pistol on his lower left leg while concentrating on wiping all information from my company cell phone. Potential actions at this point had short-, medium-, and long-term consequences. While there was an opportunity to disarm the criminals, I had to consider that my identity had already been shared with other co-conspirators. Therefore, fighting the criminals meant a high degree of risk. Since I didn’t know if there were other actors close by, escorting our vehicle, I opted to try to mediate the situation.
Near a road bridge and a suburban bus stop, a senior criminal boasting several tattoos, including some with satanic imagery, boarded. From this moment on, he took the reins of the operation.
Upon boarding, he consulted a checklist, validating that the kidnappers’ security measures were being met. He detected that I had another phone—a discovery that resulted in him beating me. He then changed places with the younger criminal, and I found myself moved into a new and more intense phase of the incident.
Before the story advances, consider some lessons learned in this stage, particularly regarding cell phones:
Management module. It is advisable for cell phones to have an administration module that activates an alert upon detecting unusual activity, such as a request for data erasure
Geolocation parameters. Most phones now have security parameters that can store geographical locations, which in my case was a great help both during and after the kidnapping.
Emergency messages. Emergency messages can quickly notify those within the family circle of an event. A family security keyword is essential to prove the veracity of the messages or to signal specific events.
Emergency touch buttons. One of my cell phone’s features was that pressing a button five times would trigger an emergency alert option.
Some additional lessons learned involve the kidnappers’ tactics.
Criminal familiarity with banking applications. The criminals’ familiarity with banking applications showed that they were very well prepared in handling them. They managed to completely drain bank accounts, making purchases in all available lines of credit. Some banking apps have nonfunctioning emergency buttons or fail to flag suspicious activity. Unfortunately, the ones used in my kidnapping did not alert any authority.
Especially concerning is the fact that some military weapons can be purchased online. My kidnappers acquired custom firearm grips through an online sales portal, exhausting the victim’s credit line.
Areas of scarce or no cell signal. The sites chosen for crimes are often blind spots or areas where a cellular signal is scarce. This is done both to hinder geolocation and victim tracking as well as to prevent the victim from activating the panic button or calling for help.
The lack of cell service also helps kidnappers ensure that, when communicating with family members, they control the narrative and information without interruptions or external interference. In this case, they successfully obtained approximately $450,000 MXN ($25,094) from my family.
The state where my kidnapping occurred boasts one of the highest rates of disappearances and discoveries of mass graves in Mexico—a stark contrast to the leisure associated with the international tourism industry in the same area.
Phase III: Preventing an Execution
Upon reaching an abandoned farm, I was threatened several times and then funneled into a pit, located in what I assume was an abandoned construction site—perhaps for the foundation of a house. The situation now demanded that I consider a more active response.
The kidnappers discovered that I had earlier activated a location alert, which was confirmed by a response from one of my contacts in the Mexican army. They became nervous, realizing that they were losing control of the situation.
In that pit, I was forced to make a final video call via WhatsApp to my family to try to secure the last possible amount of money for ransom. With a gun pointed at my head, I said goodbye to my wife.
The investigation would later reveal that the kidnappers had been stalling for time while other members of their operation in another part of the state were emptying bank accounts and running up lines of credit and debit. I would later discover that within that one day, my kidnappers racked up a debt of nearly $500,000 MXN ($27,930), all in my name.
In the pit, there was a change from the leader—the criminal with the teardrop tattoos around his eyes. His gaze, his voice, and his attitude were all different. He asked his co-conspirators to move away, allowing him to remain alone with me. I knew that I was possibly facing an execution, and that my last resort was now to attack.
It is not easy to defend oneself against a pistol positioned a few feet from your temple while down in a pit. Amid pleas, I tried to close the space between myself and this man in the hope of subduing him. I also considered every object in the pit for use as a weapon: stones, sticks, rusted wire. Everything could have been used, but it was not necessary.
The leader fired his gun into the air and forced me to maintain my distance, telling me to lie down. I did and began to pray. After reciting the Hail Mary three times, I looked up and found no one in the area. The leader’s growing panic upon knowing he was being tracked by federal forces had pushed him to choose escape.
I climbed out of the pit to seek help and get away from that site as quickly as possible.
When I was finally able to make contact again with family members, it resulted in providing them and authorities with my coordinates. We had previously developed a family contingency plan, and as part of that plan my family had also notified key people working in intelligence. From that point, authorities and my company were able to coordinate a rescue.
Phase IV: Post-Event Intelligence
If a victim survives a kidnapping, then he or she will begin a new ordeal—the recovery of his or her identity. In my case, the vehicle I had been in was also stolen by the kidnappers, who had driven off with my clothes and other belongings.
Some time later, while I was walking about in Mexico City and passing by a street market, I spotted a shirt I liked, and it happened to be my size. I thought that for only $150 MXN ($8), it was a bargain. It wasn’t until after I laundered that shirt that I saw that one of the buttons—the second from the bottom—had been replaced by a distinct brand that’s common in another country but not in Mexico. I realized then that I had just bought back one of my own shirts that had been stolen when one of the criminals drove off in the SUV.
Beyond physical items, I was also dealing with the identity fraud that occurred while I was held hostage. The post-event investigation found that the kidnappers had mistakenly created a digital trail that allowed investigators to track their movements: When they accessed bank accounts and ran up lines of credit, they used a stolen device that investigators were able to track. Some mobile apps or features were used to assist in the post-event investigation. In my case, three of them were:
- Location settings on cell phones, which produced activity logs. Those revealed the criminals’ escape route, as well as points where they made cash withdrawals and fraudulent purchases.
- Bank transfer locations, which revealed concentrated activity around one area within a radius of 15 city blocks.
- Specific locations, showing where email apps were used.
After identifying an address where the kidnappers and their associates had been active, Google Maps showed that it was a seemingly normal house. But when the app’s historical views feature was used, investigators were able to identify one of the vehicles that was used in the kidnapping. The photo showed it parked in the house’s parking lot, complete with a license plate. The vehicle was also identified as one that authorities were already looking for in connection with other crimes (robbery with violence).
This analysis of intelligence and geolocation of the transactions (along with information about where I repurchased my shirt) informed the authorities of the specific locations of the criminals and their hideouts, generating concrete clues.
Data generated by the investigation and shared by authorities with my company helped us develop a new operational resilience plan. Strategies and a template were designed for carjacking and kidnapping incident prevention, especially since company operations still involve its clients in luxury vehicles traversing my kidnapping location.
Data on the types of stolen vehicles, the time when the kidnappers took me out of the SUV, and the number of people targeted by the criminals reveal where criminal cells focus their preparation and intelligence efforts. Authorities then can act effectively on a stretch of highway—especially ones with limited cell signal, no surveillance, and access to escape routes.
Phase V: Double Victimization
While I was forcibly held, transactions worth tens of thousands of pesos were made from my accounts, including the purchase of a weapon. The weapon was bought on a common online shopping platform—I usually use it to buy my children’s Christmas presents.
This was possible because the banks and e-commerce platforms involved in these transactions failed to activate alert protocols for anomalous transactions, such as multiple withdrawals and purchases made in the span of only a few hours. If criminals can force the victim to make one or several instant purchases, even from a third-party vendor, this demonstrates the ease of acquiring suspicious or illicit items, including military-grade weaponry or accessories, tactical equipment, and even drones. Ultimately, the financial entities did not have an effective security filter against financing organized crime when kidnapped victims’ accounts were used.
This failure trickles down to the victim, who must engage in litigation to reverse the transactions or otherwise is burdened with the high interest and debt caused by the criminals. These measures can add to the trauma in the form of financial victimization, which can impact the victim and his or her family. It was not until I recovered my WhatsApp accounts that I discovered how money was extorted from my family members.
Returning to a sense of normalcy can be complicated, even in instances where a victim’s life is fortunately spared. While others may learn about my experience and consider other methods or responses to the incident, as far as I am concerned, my and others’ actions allowed my life to be saved.
The intention of this article is to highlight certain elements that may be valuable in the protocols of crisis management plans, following a universal crisis management scheme. Just as security professionals keep up to date on practices and strategies, so do criminals—meaning that acting with a preventive model can be valuable, potentially entirely avoiding the suffering that kidnappings can cause.
Ricardo Flores, CPP, is a security strategist with a career in overseeing luxury hotels in multiple global tourist destinations. He possesses extensive expertise in addressing high-impact crimes and organized crime threats, specializing in complex crisis management and business continuity. His focuses on ensuring operational resilience through advanced prevention protocols and asset protection within high-stakes international environments.
