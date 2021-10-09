Be careful: yet another scam tries to steal users’ bank details. ESET, a company specializing in cyber threat detection, warns of a fake email that tries to trick victims into believing it is an official WhatsApp communication and invites them to download a backup copy of the app’s conversations and call history. messages on the computer. The real purpose of the email is to distribute a “banking trojan” that steals victims’ private data.

In that email, the message includes an attachment called “Open_Document_513069.html”. Is this an HTML file which, according to an analysis carried out by ESET, leads to a website where a file is downloaded which, if executed, will likely infect the computer with “malware” ? software designed to cause damage to a computer or a network of computers, servers and clients.

The main purpose of this scam is to steal bank credentials using fake pop-ups that make the victim believe that it is the official website of the bank that he has an account.

coup imitates real situations

“This type of scam is called phishing, which is when hackers take advantage of opportunities to take advantage of other people on the internet to obtain confidential information such as passwords and credit card numbers,” says Adriano Mendes, a lawyer specializing in digital law and data protection personal.

“These scams are not new, they are the same techniques, but with a different approach. Today, if someone receives a phone call saying that their child has been kidnapped, the person tends to ignore it, as they have been warning about this scam for years. what changes is the “clothing” of the attempt, as well as the technology behind it.”

In addition, the attacker can perform other actions on the compromised computer, such as recording what the victim types, simulating mouse and keyboard actions, logging out the victim, blocking access to certain websites, and even restarting the computer.

“All of this creates many possibilities for the scammers. The damage caused is always very severe as it is directly linked to the financial health of the victims, but the consequences can extend even further, depending on what information the criminals had access to during the coup.”, says Daniel Barbosa, information security specialist at ESET.

Loss is not just financial

Although the financial loss is the main one in these cases, other losses can be caused if a user falls into a virtual scam, such as when the scammer impersonates the person on social media. “All of this can have a negative impact on the user, as there is also the issue of reputation, which can generate questions in the civil and even criminal areas, depending on what the criminal publishes or talks about, and in the area of ​​relationships as well”, says Edison Sources, Director of the Information Security Committee at ABSEG.

“Virtual scams take us by surprise and are increasingly structured. With the constant data leaks, crackers even use part of our personal information found on the dark web to make the attempt more believable. And this allows them to send an e very convincing emails, make calls or send messages with data that the user thinks only the bank or people close to him have.” complete.

According to data survey by PSafe, a digital security company, until this Tuesday (5), there were 3,118,698 bank scams blocked by the company’s system in 2021, in Brazil.

How to protect yourself?

ESET even listed some ways in which the user can identify and protect themselves from cyber scam attempts, such as:

Check the sender of the message – even if the email looks like a legitimate email, criminals usually don’t bother to fake the “From” field of the message, and send the email with a WhatsApp face, but the sender appears as [email protected] Any email received from the sender who is not the official of the company itself is likely to be a scam.

Be wary of any passively received procedures, meaning that you did not directly request, even if the message appears to have come from an extremely trustworthy source. Whenever a company needs its customers to do something, they suggest that official media be accessed voluntarily, so that customers can do whatever is necessary. If a message, e-mail or SMS asks for a certain procedure to be followed immediately, chances are high that it is a scam.

Validate the information – if you receive something that you are not sure if it is real or not, contact the company’s official means and see if there is something that really needs to be done.

Have protection software installed, updated and configured to stop threats – to prevent these malicious codes from executing it is necessary to have adequate protection in all possible equipment.

If you receive an email or WhatsApp message and suspect it is a scam, the best option is not to reply and report the email as spam or block the number that sent the message.