The popularization of payments using the QR Code via Pix — the Central Bank’s instant payment method — aroused the interest of fraudsters who created two scams, especially in the payment of consumer bills. In practice, fraudsters create accounts and invoices similar to those of companies and send them to consumers and customers of service providers.

According to cybersecurity firm Kaspersky, fraudsters have observed that companies have been encouraging the payment of invoices using the Pix QR Code, and are taking advantage of it. One of the frauds identified by the company is aimed at home users and the other at small and medium-sized companies. What the two have in common is the option of payment via Pix QR Code. To avoid falling for the scam, the only solution is to pay attention to the identification of the recipient’s CNPJ.

The first fraud is well known and extremely common at this time of year: the famous fake invoices/bills. In the example identified by Kaspersky, the criminals disguised the scam as a phone bill or internet package. The novelty is the presence of the QR Code as a payment option. A detail shows that, for cybercriminals, the new payment option is preferred, as a supposed 5% discount is offered if the payment uses this method.

In the fake charges, as with real bills, Pix is one of the payment alternatives. The document also contains a barcode and its number.

To make the scam more convincing, criminals even created a technique to disguise the real email that sent the fake message. In the opinion of Fabio Assolini, senior analyst at Kaspersky in Brazil, the scammers updated a fraud that was already quite widespread, namely the fake boleto:

“The fake invoice has been around for a long time. Now, most concessionaires and companies providing telephony, internet, water suppliers and energy distributors send their invoices by email. But criminals are intercepting these e-mails and simulating fake accounts. The document is very similar; in some cases that we have identified, they even have the contract number or customer identification. And they have the option to pay via Pix for the money to go into a fraudster’s account and not pay the ticket”, explains Assolini.

According to him, in this case, fraud was identified in invoices sent to companies, but Kaspersky already monitors bills that are being sent to residential consumers.

The second fraudulent message is disguised as a fake offer that uses a popular streaming platform in an alleged partnership with two major cinema chains. The bait is an alleged quarterly plan to watch movies in the comfort of your own home for BRL 267.99 – and aims to attract the attention of moviegoers. Here, the only payment option is the Pix QR Code.

“In the first scheme, the QR Code was added as an alternative, but in the second, the scam was created only with it. This shows the interest and trend of using this technology in online fraud as a trend for this year. emergence of this fraud in the first days of the year and this only reinforces how popular this practice should become over time. In addition, identification is more difficult, and direct payment via QR Code is something legitimate and cannot be blocked as a fake website. To avoid falling for the scam, people and companies need to identify the details that indicate that the message is fake”, emphasizes Assolini.

