Date: 2021-11-17

A 78-year-old retiree received a phone call from her son at the end of July saying that an alleged bank employee had contacted her reporting that criminals had tried to access her bank account.

The woman then went to an agency in the city of Santos, on the coast of São Paulo, and performed the procedures that the alleged employee indicated. The next day, the retiree received a new call informing her that the procedures had not been completed and instructed her to go to an ATM to complete them.

Soon after following the steps, she tried to make a debit purchase at a pharmacy and the transaction was declined. Upon opening the bank’s application, the retiree realized that several transactions had been made, including a PIX transfer in the amount of R$ 24,700 and several loans.

The scammers took money from the account until the balance went negative. The victim estimates that the total loss was almost R$ 60 thousand. The case is being investigated as embezzlement by the 3rd District Police of Santos.

BBC News Brasil spoke to two hackers (who say they no longer run scams), experts in digital security and the delegate from the anti-kidnapping division of Garra, from the Civil Police of São Paulo, to understand how these crimes are committed and how people can protect themselves.

Hackers said the scams can be divided into two categories:

The most common involves some contact between the scammer and the victim. The more sophisticated one involves computer programs and hacking into electronic devices.

PIX transactions were fully implemented in Brazil a year ago, on November 16, 2020.

In an interview with BBC News Brasil, the chief delegate of the 3rd Anti-kidnapping Precinct, of the Civil Police of São Paulo, Tarcio Severo, confirmed that the number of lightning kidnappings, a crime previously considered dormant, soared after the implementation of the PIX in Brazil and that gangs are even migrating to this type of crime.

A week after the report, the Central Bank announced that it would limit the value of bank transfers made from 8 pm to 6 am.

There are several types of digital tools used to deliver the scam. The most common is called a session capturer. With it, the scammer sends the victim a PDF or an email with a file that, if opened, infects the victim’s device.

With the virus in place, when the victim opens a bank application, the attacker will automatically receive a notification on their screen informing them that the victim has opened a bank session. The hacker then captures that person’s session, with the password combination, in order to gain access to that person’s account.

The banks, however, have reinforced security in this regard, said the delegate.

“Even if the hacker has your password and your account, he usually cannot log in (access over the internet) at the bank because it is from a different location (from the authorized one) or (because the bank) identifies an unauthorized access”, he explains.

The virus allows the hacker to use the victim’s own computer to access the bank’s website and make transfers via PIX. In cases where the bank requires some type of number provided by a token, the hacker needs to clone the victim’s cell phone number to gain access to the token code.

According to specialists, this is done in partnership with people who work at telephone operators, who block the person’s chip (SIM card) and re-register the number on another chip, owned by the hacker. The cost of this illegal service varies between R$400 and R$500.

In addition to these programs that steal banking sessions after infecting victims’ equipment, there are also phishing attacks (fake messages that trick the victim into sharing their data), ranging from the simple to the most advanced. The most basic are those where the scammer creates a fake page that the victim reaches via a link in a misleading offer or something similar.

Today, it’s more unusual because people go straight to the website address when they want to buy something, rather than going through a link. But that kind of scam still occurs.

The most complex phishing requires the hacker to have access to the victim’s DNS (Domain Name System). When entering an address to access a website, the computer’s DNS identifies which IP address that website corresponds to, analyzes whether it is trustworthy, and proceeds with the access.

If a hacker accesses the DNS, he can “trick” the person’s computer about which site is being accessed. In the victim’s browser, the address typed in by the user will appear, with the green padlock beside it, which attests to the safety of the page. But actually it’s a fake page that someone cloned to trick the DNS on the victim’s computer.

But gaining access to the victim’s DNS to change that data is the hardest part of the hack. One way is to add some code to a mass-access site, like a news portal or gaming site, so the hacker can change the DNS of several users who have easily decipherable passwords on their router (like “1234”).

Today, he explains, this method is harder to carry out against the websites of banks, which have invested in new protection technologies. But it used to be common.
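As an added illustration that is not part of the original report, the router DNS change described above can be checked for from the user's side: list the resolvers a device was handed and compare answers for a sensitive hostname against a trusted resolver. The addresses, hostnames and the expected-resolver list below are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolver settings as a DHCP client would write them
# after a router's DNS fields were altered (documentation-range addresses).
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
nameserver 203.0.113.66
nameserver 192.168.0.1
search lan
"""

# Assumption: the resolvers this network is supposed to use.
EXPECTED_RESOLVERS = {"192.168.0.1", "198.51.100.53"}


def parse_nameservers(text):
    """Return the valid nameserver IPs listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # malformed entry, ignore it
    return servers


def unexpected_resolvers(text, expected):
    """Resolvers in use that are not on the expected list."""
    return [s for s in parse_nameservers(text) if s not in expected]


def divergent_answers(local, trusted):
    """Hostnames whose local answers share no address with the trusted answers.

    Both arguments map hostname -> set of IPs. A disjoint result is a lead to
    investigate, not proof: CDNs can return different addresses per resolver.
    """
    return sorted(h for h, ips in local.items()
                  if h in trusted and not (set(ips) & set(trusted[h])))


if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS))
    # Constructed answer sets for two hypothetical hostnames.
    local = {"bank.example": {"203.0.113.80"}, "news.example": {"198.51.100.7"}}
    trusted = {"bank.example": {"192.0.2.10"}, "news.example": {"198.51.100.7"}}
    print(divergent_answers(local, trusted))
```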

A hacker heard by BBC News Brasil explained that the biggest difficulty with this method is to spread the virus or get victims. When the criminal achieves this, he immediately steals the money and uses it to buy cryptocurrencies and hide its origin.

This created a second parallel market: the sale of software licenses to hackers. To earn money by cooperating with crime, but “without getting your hands dirty”, some programmers develop programs that steal data and “rent” a license for such a program for up to R$2,000 a week.

One of the most common scams is emergency SMS, in which the scammer fires off thousands of automatic messages asking for help and requesting a transfer via PIX to solve a financial problem.

Experts interviewed by BBC News Brasil say that few people fall for this type of scam, but that it is still advantageous for the scammer.

“If the cybercriminal sent a message to a thousand people and one of them fell for the scam, it’s already a huge damage. Even more if he manages to access an account and manages to make a personal loan, payroll deduction, make transfers. He even steals R$ 10 thousand a day. A very profitable business for him,” said Emílio Simoni, a specialist in digital security and director of the dfndr Lab, of the CyberLabs-PSafe group.

According to Simoni, most scams applied by hackers require social engineering to deceive victims, often with the criminal posing as a bank or company.

“It’s common for the scammer to say that the customer has a problem with the PIX and that he needs to make a transfer to test it. Or they even say that if he makes a PIX he will receive double because the system has problems.”

According to the expert, the Internal Revenue Service blocked, until September 2021, more than 2.7 million attempted scams involving the PIX.

One of the ways to protect your cell phone from a scam is to install antivirus software on the device. Simoni said that the most downloaded in Brazil is Defender Security, free and created in Brazil — with 200 million downloads and 6 million devices that use it daily. According to him, defense applications contribute to the device not being vulnerable to attacks.

2. Pay attention to the visitor and be wary of incoming messages

In addition to installing an antivirus, the cybersecurity expert said that people need to be wary of messages and calls from strangers. This is the origin of most scams that involve embezzlement.

“When in doubt, look for the institution that contacted you. Call the manager asking if there really is a charge, return the call to the number that contacted you and be careful when giving your personal data, especially passwords.”

One of these attacks is applied via Wi-Fi connections or pages from trusted websites such as news portals and department stores.

3. Choose safe and difficult passwords

Created by hackers in 2013, the DNS Change program breaks into cell phones with easy Wi-Fi passwords like “12345678” or “adm1234” and changes the device’s identity.

In this way, the scammer can access the device and mirror the screen on his computer whenever the user enters a website or page that interests him, such as a bank. The hacker uses a fake page for the user to enter their passwords, agency number and account.