The old scam of the clear won a new variant. Twitter users have reported receiving an email aesthetically similar to the operator’s reports in recent weeks. In addition to the collection of a delayed invoice in the amount of R $ 489.90, the statement also says the full name of the sender. The ticket and the message, however, were not issued or even sent by the company.
How does the Claro billet scam work?
Fake emails are sent from an address that does not belong to Claro. The message starts with the recipient’s name, information that also appears in the subject of the message. Then there is the notice that there is an overdue invoice in the amount of R $ 489.90 and that the duplicate is attached for the customer’s “convenience”.
The attached PDF contains a bar code and the victim’s name. But when making the payment, the bank informs that the boleto was issued by MercadoPago. In addition, the operator is not even mentioned when confirming the transaction: instead, names of individuals appear that vary according to the generated ticket.
Kaspersky senior security analyst Fabio Assolini told the Tecnoblog that scams from fake energy and internet bills are quite common and not new. He also explains that fraudsters, in general, use fintechs due to the speed to open accounts and issue slips and points out that MercadoPago is not the only service used for this purpose.
“However, it is important to note that these institutions are also quite quick to block fake accounts. For this reason, the user must look for the institution and make the complaint as soon as he has the suspicion ”, he adds.
Regarding the names found when paying the alleged invoices, Assolini says that the fake bills are issued in the name of oranges. But these people are not always conniving with scammers: there are also cases of victims who had their data used to open online accounts.
THE Tecnoblog contacted Claro on Wednesday (10). In a note, the operator says that “a wave of scams, through fake slips, has affected several sectors of products and services in Brazil” and that “constantly invests in security policies and procedures” to “identify fraud and protect its customers ”.
The operator also explains that your invoices are password protected and officially sent by email “firstname.lastname@example.org”. The operator also guides customers to confirm the account value by Minha Claro and, in case of doubts, get in touch through its service channels.
How to recognize and avoid scams by email?
Assolini also gave tips on how to recognize and avoid scams by email. According to the analyst, the fake invoices are always started with bank codes. In this case, for example, payment slips begin with the code “237” (Bradesco), instead of the operator’s numbers. “It is important that users become familiar with these codes,” he says.
“Generally, internet or telephony invoices use specific codes from the service providers, and therefore the legitimate invoice bar code will always start with the number“ 8 ”, indicating this type of company (such as Claro’s 846 or 848) ) ”, He explains.
In addition, the analyst suggests using direct debit payments to avoid blows and the always be suspicious of invoices received by email. Another recommended practice is to use of Registrato to check where your data is being used to open accounts, apply for credit cards and loans.
In case of payment of a fake payment slip, Kaspersky’s senior analyst guides the opening a police report (BO). You also need report the scam to the financial institution in question to take appropriate steps to prevent others from becoming victims as well.
“Unfortunately, it is difficult to get the money back, as scammers tend to be quick: as soon as the money falls into the receiving account of the boleto, they transfer or withdraw to other accounts, especially using Pix,” he says. “Therefore, it is important to report the fraud to the fintech involved.”