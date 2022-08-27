Cell phone scams have grown exponentially in the country – and are increasingly sophisticated. This week, the Federal police and the Brazilian Federation of Banks (Febraban)) warned of a new type of attack called “ghost hand”, where the victim is induced to install malware, software that gives access to the cell phone so that fraudsters can scour the device to find passwords and use banking apps to commit fraud.

Criminals impersonate bank employees and rely on recordings that simulate a telephone exchange, for example, in which several members of the gang act to convince victims in the same call. The gangs inform that the account has been hacked or that suspicious transactions have been identified, and that they will forward a link to the installation of an application that will solve the problem. If the customer installs the app, the criminal will have access to all the data on the cell phone.

They earn people’s trust through convincing call and confirmation of various data. With balanced speech, good Portuguese and showing that they know the person, they gain trust and start to have a certain level of relationship that generates intimacy. Vulnerability is innocence and ignorance.” Edson Sivieri, CTO of the IAUDIT Group

Criminals also use phishingtechnique that sends fake emails or text messages with security update messages from the bank’s application or cell phone with links that induce the person to click and download the malicious programs.

With access to the device, fraudsters search for passwords stored by users in applications and websites and, in this way, are able to gain access to bank applications to carry out fraudulent transactions, such as transfers, payment of bills and slips and loan requests. The Federal Police estimate that about 40,000 people may have fallen for the coup in the country.

In a note, Febraban clarifies that bank applications have maximum security at all stages and that there is no record of breach of security of these applications.

“The bank never calls the customer asking him to install any type of application on his cell phone. He also never calls asking for a password or card number or for the customer to make a transfer or any type of payment to supposedly settle a problem with the account”, he warns. Adriano Volpini, director of the entity’s Fraud Prevention Committee.

1) The first tip is not to believe that whoever is on the other side is good. Banks do not contact you to ask for the installation of applications. If in doubt, contact the bank or go to your branch;

2) Never provide access to your cell phone, or install applications that you don’t know on your device (those that come via WhatsApp, messages, email) or that come from outside your cell phone’s official store;

3) Be careful with your passwords and important information, never leave them exposed in messages or in apps like Notepad, WhatsApp and other apps;

4) Monitor your checking account and change the password of websites, apps, banks frequently. Never use the same password on shopping sites, banks or any other application that may facilitate criminals;

5) Always use resources available in banks to confirm transactions (double-check authentication) and also be careful to activate, in your WhatsApp, the password confirmation for access to messages;

6) Keep your phone always up to date and have antivirus software on your device. Sivieri, from IAUDIT, reinforces that there are software that work as digital safes that can help users to make their data more protected. Some cell phone operating systems, too, already have safe folder features, use this feature by installing banking software there. Look on the manufacturer’s website for installation and usage instructions;

7) Report it to the authorities if you have ever been a victim of the “ghost hand scam” or any other scam.