Receiving an attractive message about a gift or money in your account has become very common these days. Claudia Ribeiro, a 58-year-old saleswoman, almost fell for an “SMS scam”, in which criminals send messages to the victim's cell phone announcing a prize. In return, however, the victim must provide personal data, and that is where the mistake lies.
“Congratulations, you have been given R$300.00 by your bank. Click this link to get the amount.” A message with this content was what caught Claudia's attention. A customer of a digital bank, she went to check whether the amount was in her account.
Finding no evidence of the R$300.00, the saleswoman contacted her bank's official customer service channel and alerted them to the fraud. She did not click on the link, but according to experts, such links lead to:
- A WhatsApp number, where the criminal will ask for your bank details to release the money;
- Virtual game betting sites that place bets on sites where the victim does not exist.
1,000 scams per minute
In 2023 and 2024, Brazilians experienced 1,379 cyberattacks per minute, according to a study by Kaspersky.
In a survey carried out in 2023 by ESET, an information security company, in more than ten countries such as Brazil, Argentina, Chile and Mexico, 61% of the participants said they know they have been defrauded at least once in scams involving banking institutions.
The study also suggests that payment websites and applications are increasingly targeted as they contain users' financial data.
The same research shows that email and messaging apps are the fraudsters' preferred means of sending phishing messages (messages impersonating banks or companies to illegally obtain information). The practice is increasing because it proves to be very effective in creating new victims.
According to Bruno Trigo, Senior Risk Manager at 99Pay, the digital account of 99, SMS fraud is one of the top customer complaints. “In this scam, the person is tricked by the possibility of receiving money, and as a result, shares the credential and private token sent to verify the login or change the password. When you share this, a fraudster can gain access to your account. It is very common,” says the expert.
According to Trigo, companies are increasingly using other layers of security: “We understand that a token alone is not enough to guarantee security, because people share this information,” said the 99Pay expert.
For example, at 99Pay, experts have added new security tools to ensure a secure environment.
“We know the identity of the device. So, even if it's done with the right credentials, but with a device you don't normally use, we'll ask for additional layers of verification: in addition to the password and the token, we'll also ask for proof of existence, which is a selfie and doing an action like looking at a page or winking to make sure it's you,” Trigo explains.
His first piece of advice is not to trust offers of easy money. Bruno Trigo has launched campaigns to raise awareness among customers so that they do not interact with suspicious messages and, in case of doubt, contact the official channels of 99Pay.
“Always focus on official channels of financial institutions, with single phone numbers. None of them will contact you from an unverified phone number. Do not contact. If in doubt, contact official channels,” the manager adds.
How to protect yourself
In an interview with Terra, Daniel Cunha Barbosa, security researcher at ESET, says the first thing you should do is be suspicious of messages received passively, that is, messages you did not request.
“It is interesting to compare the received link with the address of the official website of the company; the links sent by criminals are always different from the official website or are camouflaged in some way. Two methods often used by criminals to hide fraudulent links are by using URL shorteners or by linking to a single word to hide the link and prevent it from appearing in the main message,” he explains.
“Scams involving financial institutions and payment applications usually contain promises of high financial gains,” said the ESET expert.
Barbosa emphasizes that no financial institution asks for personal information such as passwords or document numbers through attachments sent to cell phones or through phone calls. Nor do they ask users to make Pix transactions.
“One guideline that should be a rule for everyone is to only use the official channels of companies, protect yourself with malware detection software, and always stay up to date on methods and new scams. Security is achieved through technology and knowledge,” Barbosa concluded.
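The link comparison Barbosa describes can be automated in a mail or SMS filter. The following is an added example, not code from the article, ESET or 99Pay; the function names, the short list of shortener hosts and the `banco.example` / `premio.test` domains are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a small illustrative list of URL-shortener hosts, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}

def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    # urlsplit drops any "user@" prefix, so "bank@evil" resolves to "evil".
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_official(host, official_domains):
    """True when host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in official_domains)

def assess_link(href, visible_text, official_domains):
    """Return warning flags for one link (real target + text shown to the user)."""
    flags = []
    host = host_of(href)
    official = is_official(host, official_domains)
    if host in SHORTENERS:
        flags.append("shortener")             # real destination is concealed
    elif not official:
        flags.append("not-official-domain")   # differs from the official address
    text = visible_text.strip()
    looks_like_url = "." in text and " " not in text
    if looks_like_url:
        if host_of(text) != host:
            flags.append("text-shows-different-address")
    elif text and not official:
        flags.append("destination-hidden-behind-text")
    return flags

if __name__ == "__main__":
    official = {"banco.example"}  # constructed official domain
    samples = [                   # constructed links: (target, visible text)
        ("https://bit.ly/abc123", "Click here"),
        ("https://banco.example.premio.test/pix", "banco.example"),
        ("https://banco.example@premio.test/", "Receive"),
        ("https://app.banco.example/login", "app.banco.example"),
    ]
    for href, text in samples:
        print(href, "->", assess_link(href, text, official) or "no flags")
```

A shortener is flagged rather than resolved because following the link is exactly what the advice above says to avoid; the filter only needs to know that the destination is concealed.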