Date: 2022-01-11

Kaspersky experts confirmed the occurrence of two cyberattacks that use PIX QR codes, the Central Bank’s instant payment method. One of the schemes focuses on ordinary citizens, while another targets small and medium-sized businesses.
The first scam is well known and common at this time of year: fake invoices and bills. In the example identified by Kaspersky, the criminals disguised the scam in a telephone and internet bill.
The only novelty in the scheme is the presence of the QR Code as a payment option. Criminals highlight a preference for PIX, as a supposed 5% discount is offered if payment takes place through this method.
PIX has registered a huge growth in twelve months, accumulating more than 1.8 billion transactions. With the increase in scams, the Central Bank even applied limitations to Procon requests.
To make the scam more convincing, scammers use a technique to disguise the real email that sent the fake message. In addition to the title “digital account”, both in the subject and in the email address, they add real company names.
The second fraudulent message is disguised as an offer on a very popular movie and series streaming platform. Claiming a partnership with two major cinema chains, the platform supposedly offers a quarterly plan to watch movies in the comfort of your own home for R$267.99. The only payment option is the PIX QR code.
How to identify
To help users identify scams, Kaspersky points out that fake invoices don’t contain the customer’s name, just the subscriber code, which is a number that almost no one should know by heart. Also, consumption bills (gas, energy, telephony) always start with the number 8.
When the email suggests promotions, it is important that the person checks the veracity of the offer on the companies’ official website or contacts them through official channels.
Finally, confirming the recipient’s data before completing the payment via PIX is essential. As with all fraudulent schemes, criminals use the names of money mules (“laranjas”) to receive the money from the scams. Only legitimate payments will show the correct company names (corporate names).