Caixa Econômica Federal (CEF) admitted yesterday (21) that “hundreds of thousands” of Emergency Aid accounts were defrauded by cybercriminals, and a report published today (22) by the digital security company Axur helps to understand the real dimension of the problem .
There are so many fraud attempts in Digital Savings for the payment of Emergency Aid that Brazilian hackers have practically created a cybercrime “task force” to take advantage of the gains of the new opportunity generated by the fragile security of CEF.
The main evidence of this shift in focus by criminals is the historic drop in the number of phishing scams tracked by Axur in the “Online Criminal Activity in Brazil” in the second quarter of this year. There was an atypical decrease of 12.26% in this type of scam in the country, according to the report, and Fabio Ramos, CEO of Axur, relates this drop to the new possibilities of fraud provided by Emergency Aid.
With the emergence of Emergency Aid, which was done in a hurry and made possible a series of frauds, criminals chose to target the blows in this government program
“We have seen a very significant increase, quarter after quarter, in phishing cases in Brazil. So we are going through a very atypical moment, and criminals are looking for the scams that give them more traction or more results at the moment. With the emergence of Emergency Aid, which was done in a hurry and made a series of frauds possible, criminals chose to target the blows in this government program, according to information that we collected on the dark web ”, explained Ramos in an interview exclusive to TecMundo.
Ramos believes that, once the payment of the Aid is finalized, the number of phishing scams should increase again in Brazil, a country that has one of the highest rates of criminal activities of this type in the world.
An example of a page for capturing data on aid beneficiaries identified by Axur
“I usually say that the criminal doesn’t like to work. If he liked it, he wouldn’t be in crime. So they always look for the easiest way to make money and make the scam. Obviously, the volume of fraud related to Emergency Aid is very large and very easy to take advantage of. On the one hand, they have phishing, which has a good rate of return, but on the other, they have Help, so they went straight to where they give more money ”, evaluated Ramos.
Is it that easy?
There are two fundamental factors that make Emergency Aid so easy to defraud. The first is the wide availability of complete data from Brazilian citizens on the dark web for sale or tools to capture this data. The second is a “security breach” of Caixa Tem, the app created by CEF to operate Digital Savings in which the amounts of the Aid are deposited.
This flaw is not exactly a loophole that the bank missed, but rather a “resource” deliberately developed so that more people would have quick access to funds for citizens affected by the economic crisis.
Caixa Tem allows each Android or iOS device to register and operate multiple Emergency Aid accounts at the same time. This, theoretically, would facilitate access to money for people who did not have a compatible cell phone to operate their own account. The idea is that other beneficiaries would help these individuals without access to the internet to request and even move their money.
Caixa’s app allowed the movement of more than one account per device, facilitating fraud (Reproduction / Play Store)
In an interview with InfoMoney, CEF’s president, Pedro Guimarães, made it clear that this situation was largely abused by criminals to deliver coups. In this way, all “hundreds of thousands” of accounts that were moved together on the same device were blocked by Caixa.
“We have evidence that the vast majority [das contas múltiplas em um só aparelho] were used by hackers. But some honest people who have been penalized, “he said. With that, the blocked accounts will only be released again when the beneficiaries appear at a Caixa branch to prove their identity.
Organized cyber crime
According to analysis by Fabio Ramos, CEO of Axur, the rapid reaction of criminals to the possibilities generated by the Caixa Tem security breach happened because there is a well-defined organization among cybercriminals.
“There is the guy who captures the victims’ data, the ones who validate and enrich the data and this division goes on until the end, with the guy who goes to the checkout to withdraw the money from the fraudulent account. And they are all part of different groups, ”he said.
With the announcement of Emergency Aid, people began to search for a lot of information on the topic on the internet, and that is why the fake pages and applications that tricked users into obtaining personal data began to appear, which were later used to solicit and defraud. accounts at Caixa Tem.
Sometimes people believe more in what is running on WhatsApp because they received it from a friend or relative
Ramos also pointed out that fake apps were available even in official mobile app stores, such as the Play Store. They not only simulated Caixa tools made for Emergency Aid, but also other services such as SUS, Ministry of Health and more.
“In this moment of fragility, with unemployment and lack of money, people don’t rationalize much, and criminals take advantage of this fear and anxiety that support the success rate in a coup,” explained Ramos. “The Government also leaves some gaps. It is not that easy to get official information, and as we are today ‘drowned in information’, sometimes people believe more in what is running on WhatsApp because they received it from a friend or relative. These gaps in official communication end up giving space to criminals ”.