A new wave of scams combines hacking into emails with a tool capable of changing bar codes to divert payments made via bank slips. The attack occurs when a document is received by the user, without the use of viruses or other contamination methods, with the change only being noticed by visually checking the data at the time of payment.
Photo: damirkhabirov/Envato / Canaltech
The warning made by Febraban (Brazilian Federation of Banks) and reinforced by Kaspersky raises the risk, mainly, of printing bank slips. Meanwhile, they also point out the increasing trend of companies and service providers sending monthly invoices by email. With this in mind, the criminals developed the scam recommended by security experts, which has been circulating since last year and has been improved.
On one side is a new version of the Reboleto tool. It was created as a way to facilitate the payment of expired bills, changing data to revalidate a document, but it soon fell into the hands of criminals for use in fraud. It was taken offline for common users, but continues to be widely used by cybercriminals in scams of this type.
Only directly checking the data, at the time of payment, can prevent scams that manipulate bills directly to the victims’ email (Image: Bruno Salutes/Adobe Stock)
Photo: Canaltech
On the other, lists of leaked credentials and email boxes without proper two-step protection. Such data is used to gain access to inboxes and locate messages containing invoices, based on common terms. The change, then, is made by the criminals themselves and without infecting the victim’s PC or cell phone; they may also indicate that an altered message has not been read, drawing attention to the fraudulent charge.
According to Kaspersky, only the user’s attention when making the payment can catch the scam. Changing the QR code or barcode on the bill generates changes to the payment recipient and other information; They, however, remain original on the bill, which leads to a warning from Febraban for citizens to avoid printing the documents.
How to protect yourself against bill scams
The federation indicates that, as bank slips are among the most used methods by Brazilians to pay bills — R$5.8 trillion were transferred in 2023 —, they are also highly targeted by criminals. Therefore, attention when making payments and checking data are essential to avoid fraud.
;
The main recommendation is to keep a close eye on the details of the payment recipient, including not only the name, but also the amount, due date, CPF or CNPJ. This applies even if the bill, printed or digital, includes the correct data, with verification having to take place directly on the cashier screen or internet banking.
Furthermore, it is always important to check the sender of emails and avoid paying bills that arrive randomly in the mail or messaging apps. Even though the scam mentioned here does not involve contamination, the use of malware by criminals is still frequent, hence the recommendation to use an antivirus on your computer and cell phone.
Finally, Febraban recommends the use of automatic debit, which captures information from bills directly to make payments. Thus, additional manipulations will have no effect, even if the invoice that arrives in your inbox is altered by cybercriminals; the document received would only be valid for verification or, in this case, confirmation of the scam.
Trending on Canaltech:
+The best content in your email for free. Choose your favorite Terra Newsletter. Click here!
