A false news about an “Emergency Christmas Bonus”, which circulates on social networks, can lead Internet users to a very unpleasant surprise. The cybersecurity company Kaspersky warns that this is a scam that tries to trick users into clicking malicious links. The result can lead victims to purchase premium services without their consent, or even have their personal or financial data stolen.
According to analysts, the fraud begins with a message stating that beneficiaries of Emergency Aid, Bolsa Família and pensioners would be entitled to an “allowance” of R $ 800 reais that would be released by the Federal Government. This message is being disseminated by WhatsApp.
To be entitled to the false benefit, users are invited to click on a link that redirects them to a page with a presentation similar to the application of a national bank. In it, the user is asked to answer a questionnaire and provide private data (such as name and CPF).
Fraudulent page that tries to trick WhatsApp and Facebook users (Reproduction / Karspersky)
Finally, to confirm that the person is not a “robot”, the site asks them to click on a link to share the registration on Facebook status. The page also warns that a confirmation SMS will be sent. According to Fabio Assolini, a senior security analyst at Kaspersky, this is the moment when the scam happens.
“When carrying out the alleged confirmation, the user will be hiring a paid mobile phone service without knowing it. The charge will be made on their next bill, and many end up paying without even realizing it. This is because fraudsters are creating registrations on service platforms. of added value for operators and, thus, using the collection structure of these companies to obtain financial gains “, explains Assolini.
The expert also does not rule out that the tactic can be used for other attacks, such as phishing. “It is possible that this same artifice is replicated for theft of personal or financial data, which is an even greater concern now when registration for the PIX system is being made. Therefore, it is important that people know that it is about a blow and that they can have a serious loss if they fall into the fraudster’s “tale”, he warns.
Assolini adds that this attack has some characteristics typical of Brazilian cybercriminals: they distort true news or invent rumors, always with tempting offers to attract the attention of the victims.
The message used to deceive victims and take them to fraudulent pages (Reproduction / Karspersky)
How to protect yourself
The Kaspersky expert points out that the user can be aware of some traces left by scammers. In the case of the fake Christmas bonus scam, the first signs appear in the initial message: spelling mistakes and directing to an address with no connection to the bank.
In addition, these are some important precautions to avoid falling into scams like:
- Always be suspicious of links received by emails, SMSs or WhatsApp messages, especially when the address looks suspicious or strange;
- Always check the address of the website you were redirected to, the link address and the sender’s email to ensure that they are genuine before clicking, as well as checking that the link name in the message does not point to another hyperlink;
- Check if the news is true by visiting the official website of the company or organization – or the profiles on social networks;
- If you are not sure that the company’s website is real and secure, do not enter personal information;
- Use reliable security solutions for real-time protection for any type of threat.