New scam changes Pix QR-Code and bill barcode

A new update to the Reboleto tool lets criminals edit the Pix QR code, along with the boleto barcode, in bills that arrive by email, so that the payment is redirected to "laranja" (money-mule) accounts. The scam was identified by Kaspersky's experts in Brazil and highlights the versatility of the country's fraudsters.

The company's alert stresses that the only way to avoid the theft is to spot the trap at the moment of payment, because the scam does not infect the computer or the phone, which makes it a major challenge for consumers, companies and service providers alike.

Reboleto's main trick is the ability to edit any email in the victim's mailbox, including attached PDF files. Energy, telecommunications (mobile/internet bills), sanitation and other kinds of businesses now prefer to send invoices and consumption bills by email, and these documents increasingly offer payment via Pix (QR code).

"What makes Reboleto a very dangerous scam is that the fraudulent editing of the boleto takes place directly in the victim's mailbox, so all the tips about paying attention to the sender and spelling errors will not help identify the scam. The only time to avoid it is when paying the bill, as it is possible to notice the change in the recipient's name, either after reading the barcode or via the Pix QR code", explains Fabio Assolini, head of Kaspersky's team of security analysts.
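The recipient check Assolini describes can be done mechanically when the bill carries a Pix "copia e cola" string or QR code: a Pix QR is an EMV merchant-presented TLV string in which field 26 carries the identifier br.gov.bcb.pix plus the Pix key, field 59 the payee name, field 60 the city and field 63 a CRC-16/CCITT-FALSE over the rest. The Python below is an added example written for this page, not Kaspersky's tooling or code from the article; the company names, Pix keys and amounts are constructed. It also shows why the CRC is no defence: whoever rewrites the QR recomputes it, so a tampered payload validates cleanly and only the payee comparison catches the swap.

```python
"""Decode a Pix QR / 'copia e cola' payload (EMV MPM TLV) and check who gets paid.
Added example for this page; not code from the article or from Kaspersky."""


def crc16_ccitt_false(data: bytes) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF), the checksum the Pix BR Code uses."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def tlv(tag: str, value: str) -> str:
    """Encode one ID(2) LEN(2) VALUE record; EMV length fields are two decimal digits."""
    if len(value) > 99:
        raise ValueError("value too long for a two-digit EMV length field")
    return f"{tag}{len(value):02d}{value}"


def parse_tlv(data: str) -> dict:
    """Flatten one level of ID/LEN/VALUE records into {tag: value}."""
    fields, i = {}, 0
    while i < len(data):
        tag, length = data[i:i + 2], int(data[i + 2:i + 4])
        value = data[i + 4:i + 4 + length]
        if len(value) != length:
            raise ValueError(f"truncated field {tag}")
        fields[tag] = value
        i += 4 + length
    return fields


def build_pix_payload(pix_key: str, merchant_name: str, city: str, amount=None, txid="***") -> str:
    """Build a static Pix payload. Used here only to fabricate sample input (constructed data)."""
    account = tlv("00", "br.gov.bcb.pix") + tlv("01", pix_key)
    parts = [("00", "01"), ("26", account), ("52", "0000"), ("53", "986")]
    if amount is not None:
        parts.append(("54", amount))
    parts += [("58", "BR"), ("59", merchant_name), ("60", city), ("62", tlv("05", txid))]
    body = "".join(tlv(t, v) for t, v in parts) + "6304"  # CRC covers everything up to and including "6304"
    return body + f"{crc16_ccitt_false(body.encode('utf-8')):04X}"


def crc_ok(payload: str) -> bool:
    """True when the trailing field 63 matches the CRC of the preceding text."""
    if len(payload) < 8 or payload[-8:-4] != "6304":
        return False
    try:
        return crc16_ccitt_false(payload[:-4].encode("utf-8")) == int(payload[-4:], 16)
    except ValueError:
        return False


def decode_pix(payload: str) -> dict:
    """Return the fields a payer should look at before confirming: key, name, city, amount."""
    if not crc_ok(payload):
        raise ValueError("CRC mismatch: corrupted payload or not a BR Code")
    top = parse_tlv(payload)
    account = parse_tlv(top.get("26", ""))
    if account.get("00", "").lower() != "br.gov.bcb.pix":
        raise ValueError("field 26 is not a Pix merchant account")
    return {"key": account.get("01"), "name": top.get("59"), "city": top.get("60"), "amount": top.get("54")}


def payee_matches(payload: str, expected_name: str, expected_key=None) -> bool:
    """The check the article recommends: does the QR actually name the company you owe?"""
    try:
        info = decode_pix(payload)
    except ValueError:
        return False
    name_ok = expected_name.strip().upper() in (info["name"] or "").upper()
    key_ok = expected_key is None or info["key"] == expected_key
    return name_ok and key_ok


if __name__ == "__main__":
    # Constructed bill from a hypothetical utility, and the same bill after a Reboleto-style edit
    legit = build_pix_payload("12345678000199", "ENERGIA EXEMPLO SA", "SAO PAULO", "150.00")
    swapped = build_pix_payload("mule@example.com", "JOAO LARANJA", "SAO PAULO", "150.00")
    for label, p in (("original", legit), ("edited", swapped)):
        print(label, decode_pix(p), "payee ok:", payee_matches(p, "Energia Exemplo"))
```

build_pix_payload exists only to fabricate inputs; in practice decode_pix is fed the string read from the QR. Note that the boleto barcode carries no name field at all, so for a barcode the equivalent check is the beneficiary name the banking app displays after reading it, which is the step the article points to.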

How do they gain access?

To edit bills in PDF format and change the payment recipient, the criminals need access to the victims' mailboxes. That access is obtained remotely over IMAP, and the scheme benefits from the many credential leaks that have already occurred.

“The Reboleto tool has an email validation function, in which criminals upload a database with various credentials, which will be tested automatically. In a panel, they can check all the accounts they had authorized access to and the scam begins”, adds Assolini.

The expert also explains that, once unauthorized access to the mailbox has been obtained, the rest of the fraudulent process is carried out manually.

“The tool will automatically monitor emails with attachments, which will be displayed in the control panel. The tool searches for emails that contain the words ‘boleto’, ‘Pix’, ‘boleto attached’, ‘duplicate’, ‘second copy’, among others, in the ‘Subject’ field. From there, the criminal needs to open the message and edit the invoice, and can even access and change emails that have not yet been read by the victim. This scheme allows the scam to be carried out without the need to infect the computer; all fraud is committed remotely.”
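On the mail-server side, the credential validation Assolini describes leaves a recognisable trace: one remote IP trying many different accounts over IMAP in a short window, with a mix of failures and successes. The Python below is an added example for this page, not Kaspersky's or the article's code. The log lines are constructed and modelled on Dovecot's imap-login format (an assumption; adjust LINE_RE for another server), and the syslog year is assumed because those lines do not carry one.

```python
"""Flag IMAP credential-stuffing sources in mail-server logs.
Added example for this page; the log lines are constructed, not real traffic."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines, modelled on Dovecot's imap-login output (assumption).
# 203.0.113.9 runs a leaked credential list: five accounts in five seconds, two of them succeed.
SAMPLE_LOG = """\
Mar 14 09:00:01 mx dovecot: imap-login: Login: user=<ana@example.com>, method=PLAIN, rip=198.51.100.7, lip=10.0.0.5, mpid=4101, TLS, session=<a1>
Mar 14 09:00:02 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bruno@example.com>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.5, TLS, session=<b1>
Mar 14 09:00:03 mx dovecot: imap-login: Login: user=<carla@example.com>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.5, mpid=4102, TLS, session=<b2>
Mar 14 09:00:04 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<daniel@example.com>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.5, TLS, session=<b3>
Mar 14 09:00:05 mx dovecot: imap-login: Login: user=<financeiro@example.com>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.5, mpid=4103, TLS, session=<b4>
Mar 14 09:00:06 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<eva@example.com>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.5, TLS, session=<b5>
Mar 14 09:30:00 mx dovecot: imap-login: Login: user=<ana@example.com>, method=PLAIN, rip=198.51.100.7, lip=10.0.0.5, mpid=4110, TLS, session=<a2>
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dovecot: imap-login: "
    r"(?P<outcome>Login|Disconnected \(auth failed[^)]*\)): "
    r"user=<(?P<user>[^>]*)>.*?rip=(?P<rip>[0-9a-fA-F.:]+)"
)


def parse_events(text: str, year: int = 2024) -> list:
    """Turn matching log lines into events; `year` is assumed since syslog timestamps omit it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "rip": m["rip"], "user": m["user"], "ok": m["outcome"] == "Login"})
    return events


def find_stuffing_sources(events: list, min_distinct_users: int = 3, window_minutes: int = 10) -> dict:
    """Return {rip: {distinct_users, compromised}} for IPs that tried >= N distinct accounts
    within any sliding window. Counting distinct users rather than failures matters: with
    leaked credentials most attempts succeed, so a failed-login threshold alone misses the run."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_ip[e["rip"]].append(e)
    hits = {}
    for rip, evs in by_ip.items():
        lo, best, compromised = 0, set(), set()
        for hi, e in enumerate(evs):
            while (e["ts"] - evs[lo]["ts"]).total_seconds() > window_minutes * 60:
                lo += 1
            window = evs[lo:hi + 1]
            users = {w["user"] for w in window}
            if len(users) >= min_distinct_users:
                best = max(best, users, key=len)
                compromised |= {w["user"] for w in window if w["ok"]}
        if best:
            hits[rip] = {"distinct_users": len(best), "compromised": sorted(compromised)}
    return hits


if __name__ == "__main__":
    for rip, detail in find_stuffing_sources(parse_events(SAMPLE_LOG)).items():
        print(f"{rip}: {detail['distinct_users']} accounts tried, logged in as {detail['compromised']}")
```

The compromised list is the set of accounts whose mailboxes should be treated as already read by the attacker; with this scam that means checking any unpaid bills sitting in them, and resetting the passwords, before anything else.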

Everyone can be a victim

As for the potential victims, Assolini explains that both consumers and companies of all sizes can be affected.

“The IMAP protocol is present in almost all electronic mail services, webmails and corporate emails. There are credential leaks of all kinds, in addition to the problem of password reuse. So everyone is vulnerable. There is only one detail in this issue: corporate accounts are more valuable than home user accounts, as consumption and fees are higher. Taking into account that fraud is manual, the criminal’s efforts are more profitable in scams against organizations”, says the expert.

HOMEWORK inspires transformation in the world of work, in business, in society. It is the creation of Compasso, a content and connection agency.
The original article is in Portuguese.