The Federation of Banks (Febraban) warned about scams involving the use of Pix. According to the entity, criminals have taken advantage of the population's growing use of digital solutions to attempt scams, especially using social engineering techniques, which consist of psychologically manipulating the user so that he provides confidential information or makes transactions in favor of gangs.
“Stop, think and suspect. Customers should always be suspicious when they receive a message from a contact claiming to be in an emergency situation. We also warn that the customer’s personal data is never actively requested by financial institutions, nor do bank employees call customers to test Pix, test transactions, payments or chargebacks of releases,” advises Adriano Volpini, director of Febraban’s Fraud Prevention Committee.
Volpini also emphasizes that the banks’ systems and applications are safe and rely on the use of advanced protection technologies. There is no record of security breaches for these apps.
Be careful with passwords
Many users write down their bank access passwords in notebooks, emails, WhatsApp messages or elsewhere on their cell phones. There are also cases of customers who use the same bank access password in other applications, shopping sites or services on the internet, and these apps, in most cases, do not have robust security systems and adequate protection of customer information.
In addition to the use of a personal password, transactions are protected by a token, facial biometrics or any other random security factor that the client’s bank offers.
Below are the main scam attempts practiced today using Pix as a means of payment and how to avoid them:
The most common scams with the use of Pix
Fake bank employee scam
How it works: The fraudster contacts the victim posing as a bank employee. The criminal offers to help the customer register the Pix key, or even says he needs to test the system to supposedly regularize the customer's registration.
Fake SMS
Another scam is when the victim receives a fake SMS in the bank's name about a suspicious transaction, asking the customer to contact a supposed central office (a fake “0800”), where the victim is asked to enter his bank details and password. With the captured password, the scammer accesses the victim’s account and can see bank statement information.
From there, the scammer starts reciting the victim’s latest account operations and accurate bank statement details to gain their trust. Afterwards, the criminal talks about alleged high-value Pix deposits/transactions made from the account, citing the names of the recipients, unknown to the customer. On the pretext of regularizing the account, the scammer then asks for operations to be made to the same recipients, to cancel or reverse operations. At this point, the scammer is inducing the person to carry out a transaction (TED and Pix) to accounts associated with the criminal.
How to avoid
Never make calls to telephone numbers (0800) received via SMS or other messages. Always call your bank’s call center number or your manager.
Banks call customers to confirm suspicious transactions, but never ask for data such as passwords, tokens and other personal data in these calls. Banks also never call and ask customers to make transfers or Pix or any kind of payment.
Fake receipt scam
Using a criminal app, criminals forge Pix receipts with data such as bank account, recipient and payment system key that appear to be legitimate. However, when the recipient of the funds goes to check his account, he discovers that the money was never transferred and that he was the victim of a scam.
How to avoid
In a commercial transaction using Pix, the recipient should always check whether the money has actually landed in his bank account before delivering the goods sold.
WhatsApp cloning scam
The criminal sends a message through the app pretending to be from a company with which the victim is registered. They request the security code, which the application has already sent by SMS, stating that it is for an update, maintenance or registration confirmation. With this, they manage to replicate the WhatsApp account on another cell phone and send messages to the person’s contacts, pretending to be them and asking to borrow money via Pix.
How to avoid
A simple measure to avoid cloning is to enable the application’s “Two-Step Verification” option.
Social engineering scam with WhatsApp
The criminal chooses a victim, takes their photo from social networks, and somehow manages to discover the cell phone numbers of the person’s contacts. With a new cell phone number, he sends a message to the victim’s friends and family, claiming that he had to change his number due to some problem. From then on, he asks for a transfer via Pix, saying he is in some emergency situation.
How to avoid
Febraban warns that it is necessary to be very careful with exposing data on social networks, such as, for example, in sweepstakes and promotions that ask for the user’s phone number.
When you receive a message from a contact with a new number, you need to make sure that the person actually changed their phone number. Don’t make a Pix payment or any kind of transfer until you talk to the person requesting the money.
Fake auction scam
Scammers create fake auction sites, advertising all kinds of products at prices well below market. Then they ask for transfers, deposits and even money via Pix to secure the purchase. They usually appeal to the urgency of closing the deal, saying that you could lose the discounts, but they never deliver the goods.
How to avoid
Always research the auction company on complaint sites and check the auctioneer’s CNPJ. Never make transactions on sites that do not show a security padlock in the browser, and never make transfers to individual accounts.
Remote access scam
In this scam, also known as the Phantom Hand Scam, the fraudster can contact the victim by pretending to be a bank employee. He uses several approaches to deceive the customer and says he will send a link to install an application that will solve a supposed problem. He may also send SMS messages, fake emails or links in messaging applications that induce the user to click on suspicious links, which install malware (malicious software) that gives access to all the data on the cell phone.
How to avoid
The bank never calls the customer or sends messages or emails asking him to install any kind of application on his cell phone to supposedly rectify a problem with the account.