Did you fall for the Pix scam? Know what to do and how to protect yourself

Scams applied to bank transfers carried out by Pix, unfortunately, have already become known to Brazilians.

At the same time that the tool facilitated banking transactions, it increased the risk of fraud in digital environments. However, it is also true that it has become easier to find the culprits.

According to the Brazilian Federation of Banks (Febraban), for this reason, the institution and associated banks “are strengthening their communication actions to guide their customers in case they are victims of any crime”.

Febraban emphasizes that “all Pix transactions are fully traceable, and in the case of irregularities, all those involved will be identified and accountable for the offenses.”

But how do you act when you are the victim of a scam on Pix?

In case of a scam applied by smartphone, the customer must notify the bank immediately. so that additional security measures are adopted, such as blocking the financial institution’s application and the access password.

If your cell phone is stolen or stolen, it is necessary to notify the telephone company to block the telephone line as well. One police report it must also be registered to “give visibility to the crime, assist in police investigations, and subsequently allow for the identification and arrests of criminal gangs”.

According to Febraban, “banks maintain a close partnership with governments, police (Civil, Military and Federal) and with the Judiciary in the fight against crime, proposing new standards of protection, providing data and information that allow authorities to act in the identification of those responsible for crimes through the use of banking transactions”.

How to protect yourself?

  • Review and set the Pix limit

Febraban indicates — as a first step to protect against scams — frequent consultation of the limit in the instant payment system, that is, the user must always be aware of the amount available for making payments, reviewing and configuring the most appropriate amount for your financial transactions.

Another warning point indicated by Febraban are the applications of financial institutions. Although they have “maximum security at all stages” and “there is no record of breaches of the security of these apps”, the institution urges users to be careful when using the apps in public places and on public transport. That’s because, if the person is robbed or stolen with the cell phone unlocked, the criminal can perform searches on the smartphone and have access to the passwords registered on the device.

It’s important, then, to be careful where your passwords are written down — such as WhatsApp groups, emails, or other smartphone apps.

Febraban gives the following tips to increase app security:

  1. The bank password must be used exclusively to access your financial institution; never use the same password in other apps
  2. Never write down bank access passwords in notepads, emails, WhatsApp messages or other places on your cell phone; memorize it for use
  3. Always use the mobile home screen lock procedure;
  4. Never use the “remember/save password” feature on browsers and websites.

See what are the most common scams with Pix

By Washington Luiz, in collaboration with CNN Brasil Business


Whatsapp Cloning

In this scam, criminals send a message via WhatsApp and pretend to be from companies where the victim has a record. They ask for the security code, which has already been sent by SMS by the app, and claim it is an update, maintenance or registration confirmation.

With this code, the crooks replicate the WhatsApp account on another cell phone. Once that’s done, they send messages to the person’s contacts, posing as the person, borrowing money by transfer via Pix.

Enabling “Two-Step Verification” in the app can reduce the risks of having WhatsApp cloned. To do this, just do the following step-by-step in the application: Settings/Adjustments > Account > Two-step verification.

This setting allows you to register a password that will be periodically requested by the app. But beware: the password must not be sent to other people or typed in incoming links.

Social engineering with WhatsApp

Another common fraud occurs when the criminal chooses a victim, takes a photo of her on social networks, creates a new WhatsApp account and somehow manages to discover cell phone numbers of the person’s contacts.

With the new number, the criminal sends a message to the victim’s friends and family, claiming that he had to change the number due to some problem, such as a robbery. It then asks for a transfer via Pix, claiming to be in an emergency situation.

The orientation of Febraban, in this case, is to be careful with the exposure of data on social networks, such as, for example, in sweepstakes and promotions that ask for the user’s telephone number.

Another tip is to always make sure that the person has actually changed their phone number whenever they receive a message with this information.

“Customers should always be suspicious when they receive a message from a contact who urgently requests money. Do not make Pix or any type of transfer until you talk to the person requesting the money”, advises the federation.

False employee and false call centers

It is also common for the fraudster to contact the victim and impersonate a false employee of the bank or company with which the customer has an active relationship. The criminal offers to help the customer to register the Pix key, or says that the user needs to test the instant payment system to regularize his registration, and induces him to make a bank transfer.

About this scam, Febraban emphasizes that “the customer’s personal data are never actively requested by financial institutions, nor bank employees call customers to test with Pix.” When in doubt, the guideline is always to contact the bank for clarification.

Pix bug

Criminals also act through a “bug” scam (failure that occurs when running some electronic system) of Pix. On social networks, criminals claim that thanks to a “bug” in the payment system it is possible to earn double the amount that was transferred to random keys. However, by doing this process, the client sends money to scammers.

The Central Bank itself has already warned that there is no “bug” in Pix. Febraban emphasizes that customers should always be wary of messages that promise easy money and that arrive via social networks or email.

Key Registration

The registration of Pix keys must also be done directly on the official channels of financial institutions, such as the banking application, internet banking, branches or through contact made by the customer to the call center.

“Consumers should not click on links received by emails, WhatsApp, social networks and SMS messages, which direct the user to a supposed registration of the Pix key”, says Adriano Volpini, director of the Executive Committee for Prevention of Febraban frauds.

He also states that the care that the customer should take when making a transaction through Pix should be the same as when making any financial transaction. “It is always necessary to check the data of the recipient of the Pix transaction (payment or transfer), whether for a person or a commercial establishment”, he says.