It is likely that you or someone you know has already suffered an attempted virtual financial scam. This is not pure chance. Brazil is the world champion when it comes to digital fraud in the financial sector, with an average of more than 17,000 attacks per day, according to a PSafe survey.
More and more, Brazilians are opting for digital channels to carry out financial transactions and, of course, banks, companies and fintechs have adapted to offer more and more instant online transactions, such as Pix and payments via WhatsApp.
The fact that the transfers are immediate makes these channels a target for scams
For this reason, we are seeing a change in the target of the attempts: before, fraudsters aimed at the banking system itself (who does not remember the bank robberies, the blowing up of ATMs or the attempted intrusions into the big banks?). Today, they increasingly target the end user. According to the Brazilian Federation of Banks (FEBRABAN), 70% of frauds in the country target the end customer who, in most cases, is a victim of so-called Social Engineering.
What is Social Engineering?
This is a term used to define tactics that take advantage of processes that depend on the direct participation of users. In other words, fraudsters take advantage of the human factor to manipulate users and obtain data or change procedures in a way that benefits them. The main social engineering strategies are:
- Phishing: uses e-mail as the means of communication;
- Smishing: is done through text messages;
- Vishing: happens through phone calls.
To give you an idea, the Vishing method grew 340% in the first two months of 2021 compared to the same period last year, according to FEBRABAN. In all of these modalities, the fraudster impersonates a (theoretically) trusted third party to deceive the victim and commit fraud, whether by stealing passwords or data, or even by infecting devices with malware, which allows the fraudster to collect information or obtain unauthorized access.
How to perform digital operations securely
My initial tip is to always be suspicious of what is too good to be true: prizes, below-average prices or unbelievable offers should put you on alert.
Another point is to always doubt anything that needs to be decided in seconds. No one should take out a loan, make a payment or take advantage of an investment without information and a reasonable amount of time to carry out these operations. Urgency and money don’t mix.
Don’t share your passwords and, if you do, know exactly whom you trusted with something confidential, and when.
Always check the domains, e-mail addresses and phone numbers and, if someone is asking you for something confidential or something you don’t feel comfortable with, always feel free to ask again or even to say that you will get back in touch yourself.
Take recommendations (from friends and family) and remember to use technology to your advantage. When in doubt, search on Google or check Reclame Aqui. If the company has a bad reputation, if customers are dissatisfied or if it does not invest in security, why should you trust it?
Another tip for not falling for scams is to always ask yourself: where, how and why. Which channel is being used to perform a certain action? What procedure is being requested for it to be done? And what is the reason for carrying out the requested activities?
Preferably access your account on secure devices that only you can use.
When accessing a website, check if it uses the “HTTPS” protocol, which can be found at the beginning of the URL (look at the browser’s address bar and see if it shows a “lock”). And always check that the page that appears is really the one you want to access – counterfeit pages usually have inaccuracies or spelling errors in their content and use domains with strange names (for example, “Banco24hs”).
Regarding e-mails, always activate the “SPAM filters” with your provider, as fraudsters usually send messages to a large number of people. Also be judicious about downloading attachments and clicking on links from senders you don’t know.
Ah, one thing that helps a lot to protect your digital accounts is two-factor authentication. Always choose to use it, if possible, and follow the recommendations of your fintech or bank.
Finally, another point that seems basic, but that not everyone takes seriously, is the sharing of personal information. Remember that, however reliable a person may be, they can write down or forget to delete your data, handing it to fraudsters on a platter.
In the same way that you do not leave the house with the door open, and avoid leaving your whole salary in a wallet on a park bench, take care of the money that is left in your digital account. With caution, good practices and a little information, your life becomes much more peaceful and you stay free from fraudsters.
Paulo David, TecMundo columnist, is the founder and CEO of Grafeno, a fintech that offers digital accounts and electronic records infrastructure for companies and creditors; and is a partner at SPC Brasil in the construction of infrastructure for the financial market. Prior to Grafeno, he founded Biva, Brazil’s first peer-to-peer lending platform, which was acquired by PagSeguro, a payments company. He was superintendent of Sofisa Direto, the digital division of Sofisa bank. He worked on the Pinheiro Neto Advogados team, and on the team of the investment manager KPTL (ex-Inseed Investimentos). He is an angel investor in fintechs in Brazil and Europe.