Financial scams are becoming more common in the country, mainly due to the growing use of digital media. This week, cybersecurity firm Kaspersky discovered a new type of scam, carried out using the Brazilian Prilex virus, which is now able to block contactless payments in stores. This forces the consumer to insert the card into the machine, which makes data theft possible.
With ever more sophisticated scams, the financial life of Brazilians is exposed and criminals take advantage of the situation, running scams ranging from data theft by hackers to social engineering, a method that consists of psychologically manipulating someone so that the person provides confidential information, such as passwords for cards and accounts.
The pandemic increased the user base of digital banking services, and mega data leaks in 2021 put the personal information of nearly every Brazilian on the internet, so virtually every citizen is a potential scam target. Research conducted by IBM in early 2022 also revealed that financial fraud is a relatively more serious problem in Brazil than in the rest of the world.
Therefore, it is important for the population to remain vigilant and take measures to protect themselves. A few simple precautions can make life difficult for scammers and avoid the headache of falling for one of these scams. See below for tips on how to protect yourself.
How to Protect Yourself: Contactless Payment Scams
The scam that blocks contactless payments relies on a virus, called Prilex, which affects point-of-sale computers. Retailers therefore need to take care of the security of their operations, and consumers should also be aware of the following:
- If an error message appears when attempting a contactless payment, the consumer should not fall back on the physical card but use other payment alternatives, such as cash or Pix, to avoid inserting the card into the machine, which is when the data is stolen;
- Computers used for point-of-sale payment systems must not be used for other purposes, and the system must have an up-to-date and robust security solution, preferably one with multiple layers of protection;
- It is important for the consumer to keep track of the charges on the card statement and in banking applications. If you discover an improper charge, you should contact your financial institution to try to resolve it. An incident report can also be filed.
How to protect yourself: Social engineering scams
In other scams, which use social engineering, the criminals call the victim posing as employees of banks, shops or other service providers, simulating a call center, complete with hold recordings and transfers from one “agent” to another. The call is convincing, with scammers even quoting the victim's data for confirmation, information that may have been gleaned from social networks or even from records leaked onto the internet.
Having earned the victim’s trust, gangs may attempt to obtain bank details during the call, including card numbers and passwords:
- Be wary of calls claiming to come from banks or shops, even if you recognize the number, as there is software that can mask any phone number;
- Banks never call the customer asking for data or requesting the installation of any type of application or any security update on the mobile phone. They also never call asking the customer to make wire transfers;
- Never give out sensitive data and information over the phone.
In some cases of calls claiming to be from banks, criminals report that the account has been hacked or suspicious movements have been identified. They trick the victim into installing an application which they claim will fix the problem, but in reality, the application allows remote access to the mobile phone so that the scammers can search the device for passwords and use banking applications to commit fraud:
- Try to stay calm. Fraudsters usually report suspicious movements in the account to give an air of urgency to the requests they will make to the customer, but you have to calm down so as not to fall for the scam;
- Never give access to your mobile phone or install unknown applications, whether through suspicious links you receive, through websites, or even through application files themselves;
- Be careful with passwords and important information, never leave them exposed in messages or applications such as notepad, WhatsApp and others;
- Always monitor your checking account;
- Change your passwords frequently for websites, apps and banks. Never use the same password on shopping sites, banks or any other applications, as this can make things easier for criminals;
- Always use the security features available in applications, especially banking ones, to confirm transactions (two-step authentication);
- Keep your mobile phone up to date and have antivirus software on your device. There is software that works like a digital safe and can help users keep their data more secure;
- Some mobile operating systems already have secure folder features, and it is recommended to install banking apps there. Consult the manufacturer’s website for installation and usage instructions;
- If in doubt, contact your bank or go to the branch; however, pay attention to the following information.
In these calls, the scammers also ask the wary customer to hang up the phone and call the bank to confirm the veracity of the information. But scammers, in landline calls, can “hold” the line for up to 5 minutes after the customer hangs up, according to information from Banco do Brasil. If the customer calls immediately and on the same phone, the scammer himself will answer the call and impersonate the call center:
- The best course is for the consumer to use another telephone to contact the bank (and not the same one on which they received the call). Care should be taken to call the official numbers of the financial institution. Another option is to go to the branch in person.
How to protect yourself: WhatsApp account hijacking
Some calls also aim to hijack the victim’s WhatsApp account.
The fake agents ask the victim to confirm a code received via SMS: it is the code used to activate the WhatsApp account on another device, causing the victim to lose access. From there, the scammers begin attempting to extort money from the account's contacts:
- Never give passwords and confirmation codes to third parties, either by telephone or by any other means. Banks and retailers do not ask for this information.
How to Protect Yourself: Phishing Scams
Other common scams use phishing, a technique that sends emails or text messages with fake security-update notices for bank or mobile phone applications, or other false information, tricking people into clicking on malicious links:
- Never click on unknown links received via email, social media, SMS or WhatsApp.
How to protect yourself: online shopping scams
You also need to be careful when shopping online. Emails or text messages can spread false store promotions, getting the user to click on malicious links or fill in forms with their data to access non-existent discounts:
- Be wary of promotions that seem too good to be true, with very low prices. These are usually scams;
- Never click on the links you receive or provide personal information on sites that claim to have promotions or discounts;
- Fraudsters can clone the websites of big stores to make consumers think they are shopping on the real website. Therefore, when buying from well-known shops, it is advisable to type the address carefully in order to actually reach the real site;
- When purchasing from mobile, always use the official apps of the stores;
- Using antivirus is very important. Some of these programs detect fake websites – this service, however, is usually only available in paid versions;
- As for the payment methods for online purchases, it is advisable to use digital wallets, which offer greater data security, or the virtual credit card offered by banks. Never save physical credit card details on websites;
- To check if an unknown site is safe, gather as much information from the page as possible: check whether it lists a CNPJ, look up the CNPJ on the Federal Revenue website, identify the address, and see if it exists. You can also look up the page’s reputation on sites like Reclame Aqui, for example. Procon-SP also provides a list of company websites that are bad vendors and should be avoided;
- Other precautions when shopping online are never to use public Wi-Fi networks and never to reuse passwords across different shopping sites: use a separate password for each.