Scam alters the Pix QR code on bills without leaving a trace – 03/18/2024 – Tech
Criminals have been diverting Pix payments meant for electricity, water, telephone and other service bills. The fraud alters the email attachment without leaving any clues for the user.
To do this, scammers use a new version of the Reboleto tool, originally designed to revalidate expired bills, which now also allows the QR code on the bill to be changed.
Whoever pays the fraudulent bill loses twice: the money is gone and the debt remains.
Scammers take advantage of the tendency of companies to encourage the delivery of bills in digital form. Some energy, water and telecommunications concessionaires offer discounts in view of the savings on paper and transport.
There is also an incentive to pay via Pix, which does not involve the fees of the traditional banking system.
To avoid leaving traces, criminals use an email access method called IMAP, which allows them to access and edit texts and documents contained in messages without showing that the messages have been opened or tampered with.
With this system, scammers access documents in several compromised email accounts at the same time. Messages involving payments are found using keywords such as “the invoice is attached”, “Pix key” and “QR code Pix”.
Access to the victim’s email still depends on a password. Cybercriminals can buy databases of login information for internet accounts, or steal it through fraudulent advertisements or spyware known as a stealer.
Sometimes the password leaked on the deep web is not the one for the email account itself, but people tend to reuse passwords.
Another vulnerability is very simple passwords, such as “123456” or “123change”. So-called “brute force” software tests possible passwords until it gains access to the account, and trivial passwords are the first guesses.
The victim may still notice the fraud if they check who the Pix payment is going to. “The most detail-oriented criminals create micro-companies with names similar to those of the companies that issued the invoice, but others simply put in a bank account,” says Fabio Assolini, team leader of security analysts at Kaspersky, the company that discovered the new scam.
If the victim notices the scam very quickly, there is a chance that the bank will refund the Pix, as this transfer method is traceable.
Cybercriminals, however, tend to distribute the amounts quickly among several money mule accounts, to make it difficult to trace the money.
The amounts charged are not usually changed, so that the scam remains plausible.
Scammers prefer high-value bills. “Access to the email of an employee in a company’s financial sector can do great damage,” says Assolini.
Another way to check the origin of the bill is to use the internet banking option that lists all bills issued to a CPF or CNPJ, called automatic direct debit. This way, the person will be able to see both the original charge and the fraudulent code.
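A finance team can automate the check on who a Pix code actually pays before settling a bill. The following is an added example, not part of the original article: it parses the Pix "copy and paste" string (the text encoded in the QR code, in the EMV field layout used by BR Code), verifies its checksum and compares the Pix key with an allowlist of known suppliers. The allowlist, keys and company names are constructed for illustration.

```python
def crc16(data: str) -> str:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF), the checksum in field 63."""
    crc = 0xFFFF
    for byte in data.encode("utf-8"):
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ (0x1021 if crc & 0x8000 else 0)) & 0xFFFF
    return f"{crc:04X}"

def tlv(tag: str, value: str) -> str:
    """Encode one field as ID (2 digits) + length (2 digits) + value."""
    return f"{tag}{len(value):02d}{value}"

def parse_tlv(s: str) -> dict:
    """Decode a run of ID/length/value fields into {id: value}."""
    fields, i = {}, 0
    while i < len(s):
        tag, length = s[i:i + 2], int(s[i + 2:i + 4])
        value = s[i + 4:i + 4 + length]
        if len(value) != length:
            raise ValueError(f"field {tag} is truncated")
        fields[tag] = value
        i += 4 + length
    return fields

def build_payload(key: str, name: str, city: str) -> str:
    """Build a static Pix payload (used here only to create sample input)."""
    account = tlv("00", "br.gov.bcb.pix") + tlv("01", key)
    body = (tlv("00", "01") + tlv("26", account) + tlv("52", "0000")
            + tlv("53", "986") + tlv("58", "BR") + tlv("59", name)
            + tlv("60", city) + tlv("62", tlv("05", "***")) + "6304")
    return body + crc16(body)

def check_payee(payload: str, trusted: dict) -> tuple:
    """Return (verdict, pix_key, displayed_name) for a Pix payload."""
    if crc16(payload[:-4]) != payload[-4:].upper():
        return ("invalid-crc", None, None)
    fields = parse_tlv(payload)
    account = parse_tlv(fields.get("26", ""))
    if account.get("00", "").lower() != "br.gov.bcb.pix":
        return ("not-pix", None, None)
    key = account.get("01") or account.get("25")  # static key or dynamic URL
    # The displayed name (field 59) is free text; only the key is compared.
    verdict = "ok" if key in trusted else "unknown-payee"
    return (verdict, key, fields.get("59"))

# Constructed sample data: a supplier's CNPJ key and two payloads.
TRUSTED = {"12345678000195": "ENERGIA EXEMPLO SA"}
LEGIT = build_payload("12345678000195", "ENERGIA EXEMPLO SA", "SAO PAULO")
TAMPERED = build_payload("0f1e2d3c-0000-4000-8000-aabbccddeeff", "ENERGIA EXEMPL0 SA", "SAO PAULO")
```

The tampered sample carries a valid checksum and a near-identical name, so only the comparison of the Pix key against the allowlist flags it.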
How to protect yourself
To avoid this scam, the first step is to protect yourself from password leaks and adopt strong passwords, with numbers, upper and lower case letters, as well as symbols.
Assolini recommends using password management programs that store passwords, such as 1Password, Bitwarden or Nordpass. “The user does not need to remember the password, but rather avoid repeating them and make them difficult.”
It is also possible to check whether an email is in databases available on the internet on sites such as haveibeenpwned.com and
Assolini also recommends that companies hire cybercriminal forum monitoring services to check for leaked credentials.