In force since November 2020, the Pix it has been gradually incorporated into the routine of a growing number of Brazilians. The problem is that progressive adherence to the modality is accompanied by attempts at fraud. As a preventive measure, the Brazilian Federation of Banks (Febraban) is publicizing the four most common Pix-related scams.
The disclosure is part of the first 2021 edition of the so-called Digital Security Week, a campaign that essentially aims to instruct the population to prevent fraud involving electronic media.
Note that all the scams listed by Febraban are based on social engineering, that is, they exploit tactics that try to convince the citizen to perform a certain action without him realizing that he is falling into a “trap”.
This is probably the most widespread coup attempt. Criminals contact the victim using arguments that try to convince the victim to enter the service’s security code, sent by SMS.
They may say, for example, that the procedure is part of an application security update or a registration confirmation. The arguments vary widely, but they all have the same objective: to make the user inform the security code.
If the person does not realize that they are being cheated and enter the code, they can have their WhatsApp account cloned. From there, criminals can send messages to the victim’s contacts asking for a loan of money via Pix due to an emergency, for example.
Enabling two-step authentication for WhatsApp is an effective measure to prevent account cloning.
Fake WhatsApp account
This type of scam is a little less sophisticated, but it is also dangerous. Criminals collect victim data, including photos, create a fake account in her name on WhatsApp, and discover the phone numbers of the person’s friends or family.
In the next step, the criminals contact these people by posing as the victim and saying that she had to change her cell phone number. What’s next? Money orders via Pix.
“The customer should always be suspicious when he receives a message from a contact who urgently requests money. Do not make Pix or any kind of transfer until you speak to the person who is requesting the money ”, guides Febraban.
Fake bank employee
In this modality, the scammer contacts the victim posing as an employee of a bank or other type of financial institution. To convince the person, the scammer can be supported even by a fake telephone exchange that reproduces recordings that refer to the company’s services.
The fake employee gets in touch offering help for the client to register a key on Pix, do a test on the system or regularize their registration, for example. In any of these actions, the person is induced to make a bank transfer at some point.
Febraban explains that bank employees do not call customers to do tests with Pix and advises the customer, when in doubt, to interrupt the contact and seek his bank for clarification.
This type of scam can spread both through instant messaging services and through social networks. Basically, the person receives a message that says, due to a bug in the Pix system, he can get twice as much money when making a transfer using certain keys.
It is obvious that it will not receive any value. With this action, she will only be transferring money to a scammer.
Febraban also points out that, when using Pix, the customer must follow the same precautions indicated for any other type of transfer, such as checking the recipient’s data.
It is also important to register keys only in the official channels of the financial institution, such as applications or agencies, and be wary of unsolicited contacts or offers of help about this. Adriano Volpini, director of the Executive Committee on Fraud Prevention at Febraban, adds:
The consumer should not click on links received by e-mails, WhatsApp, social networks and SMS messages, which direct the user to an alleged Pix key registration.