PIX, the new Brazilian instant payments platform, begins to materialize user registrations this Monday (5th), but cybercriminals are already lurking with scams of all formats to try to capture data from unsuspecting citizens. But if no one is yet familiar with the interface that financial institutions will use for registration, how can we avoid falling for scams without having any basis for comparison?
We spoke with Eli Enrico Carnette, fraud prevention leader at Agibank, to understand what you can do to avoid being tricked by some internet criminal. This is important because Kaspersky security researchers identified scams being applied using the PIX as a hook as early as September. As the launch of the novelty approaches, threats are expected to increase.
According to Carnette, the best strategy to avoid falling into any scam related to the PIX is for the user to take the lead and register their keys in the apps of their banks or financial institutions before receiving notifications or invitations.
“The correct way is to access your bank’s application and look for the option to register with PIX”, warned Carnette in an exclusive interview to TecMundo. “To register with PIX, it is only necessary to inform what your key will be (email / phone / CPF), and it is this key that will direct the money to your account at that organization. Often, the institution already has these data registered, and the customer must only confirm which one he wants to use. If the institution asks for more bank details, such as passwords or card number, be suspicious and confirm the procedure through a secure channel before informing any personal data ”, he added.
See how the PIX (Playback / Central Bank) will work
One of the most traditional tactics of phishing scams is to “hook” the victim with some information or invitation about a novelty, such as PIX, and take the person to an extremely well-built web page to look or be identical to a bank’s official page , for example.
So it is important to avoid clicking on any type of invitation and always be suspicious of the source that is sending that information to you. “It is crucial that the customer sign up from within their own application or official bank page”, reinforces Carnette.
But if you think you may have already fallen into some PIX-related scam, it’s important to understand the consequences of that. Carnette predicts that criminals will try to use information from PIX users to “steal identities” on the web. In other words, they can obtain your phone number, email or social security number and register an account on the PIX that is not yours. With that, they can get in touch with people you know and request money by posing as you.
“A well-known scam is the WhatsApp scam, in which criminals request cash transfers from contacts of a victim who had the app cloned. Using PIX, someone could create an e-mail key with a name similar to that of the victim and trick your contacts more easily. ”
Using PIX, someone could create an e-mail key with a name similar to the victim’s and trick your contacts more easily
If that happens, the PIX will have a security feature that will allow users who are victims of scams to challenge the use of a key on the platform and claim it for themselves. That way, if someone is able to steal your data to impersonate you on the PIX, it will be possible to reverse the problem without major difficulties.
This does not mean, however, that you can be carefree. Similar scams on WhatsApp happen so often because criminals really make some kind of profit out of it. If they manage to steal your PIX key, the problem may be even more serious.
“It is important to remember that each key can only be used in one financial institution and that the money is deposited in your account, not in the PIX key. Therefore, the same account security recommendations apply to keep your access data and passwords safe. Avoid accessing your third-party device accounts and keep your operating system up to date, ”recommends Carnette.