With the popularization of Pix, an instant payment method created by the Central Bank of Brazil, new types of fraud have emerged that threaten the security of commercial establishments. Recently, criminals have been using fake bank apps to simulate Pix payments in physical stores, putting both merchants and their customers at risk.
Identified by Kaspersky and disclosed by Folha de S.Paulo, this new fraud has generated concern among experts and businesspeople, who need to adopt preventive measures to avoid losses.
How Does the Fake App Scam Work?
The scam begins with the creation of applications that perfectly imitate the functions of official banking applications, including the payment interface via Pix.
During the transaction, the scammer enters the data normally, such as Pix key, amount and password, while the fake application displays a loading screen, simulating payment authentication.
At the end of the process, the system generates a false proof of payment, which is often accepted by inattentive merchants, resulting in financial losses.
Leandro Cuozzo, a researcher at Kaspersky, highlights that this fraud usually occurs in low-value transactions, where the rush and lack of attention of the attendants makes it easier for criminals to act.
The solution to avoid this type of scam, according to Cuozzo, is simple: merchants should always check whether the amount was actually credited to the account before releasing the merchandise.
Pix's instantaneous nature allows this verification to be carried out quickly, offering an additional layer of security.
The Criminal Organization and the Sale of Applications
These fraudulent applications are sold on platforms such as Telegram, where specialized gangs sell these tools for prices ranging from R$25 to R$45 per bank. A complete package, containing fake versions of several banks, can be purchased for R$120.
In addition to the apps, criminals share tips and guidelines on how to carry out the scams on social networks such as Telegram, TikTok, Instagram and YouTube. These guidelines include, for example, which products are easiest to purchase and when the attendants are most vulnerable.
The Technological Threat and the Sophistication of Scams
These fake apps not only compromise the security of transactions, but also pose a significant risk to the devices on which they are installed.
Kaspersky warns that to install these apps, users must unlock their smartphones, which could expose the device to other threats. In addition, the same gangs are developing tools to bypass NFC communication, generate fake documents and even create deepfakes that can fool banks' biometric systems.
The sophistication of these scams is worrying and demonstrates the level of organization of these gangs, who continue to innovate in their approaches to circumvent security measures.
The use of deepfakes, for example, shows that criminals are using advanced technologies to make their scams even more convincing, making it difficult for banks and victims to detect them.
You can achieve this by:
- Free, but for a limited time! Best apps for Android and iOS
- 6 Apps to Make Money with Pix for Free
- Dangerous Apps: How to Avoid Viral Infections on Your Cell Phone
Efforts to Combat Fraud and Increase Security
Given the increase in this type of scam, several social media platforms have taken measures to combat the spread of these practices. Telegram, for example, removed channels that were being used to sell fake apps.
YouTube has deleted videos that taught how to carry out the scam, and TikTok has blocked accounts linked to the gangs. At the same time, the Brazilian Federation of Banks (Febraban) has stepped up awareness campaigns to alert both merchants and consumers about the risks associated with these scams.
Financial institutions have also invested in fraud detection technologies, in addition to promoting internal training to enable their teams to identify and block suspicious transactions.
Collaboration between digital platforms, banks and authorities is essential to mitigate the impact of these scams and protect the financial ecosystem as a whole.
Protective Measures for Traders
To ensure that your business is protected against Pix fraud, it is essential to adopt a series of preventive measures. Firstly, merchants should always check whether the transaction has actually been credited to the indicated account before releasing any merchandise.
This simple check can prevent false payment receipts from being accepted.
Additionally, it is crucial that merchants only use official banking apps, downloaded directly from authorized app stores. Apps from unknown or unofficial sources should be avoided as they can compromise device security and expose sensitive data.
Another important point is staff awareness. Attendants and cashiers must be trained to recognize signs of fraud and be alert to any irregularities in payment receipts. Installing monitoring systems and constant auditing of transactions are also recommended practices to minimize risks.
The Main Targets of Criminals
Generally, small merchants and establishments with a large volume of low-value transactions are the main targets of scammers.
They take advantage of the lack of rigor in checking payments and the inattention of the attendants to carry out the scam, which makes these establishments especially vulnerable. Therefore, adopting a more careful and rigorous approach when checking payments is essential to avoid losses.
The rapid evolution of fraud involving Pix requires extra attention from merchants. By following security recommendations and staying informed about new techniques used by criminals, it is possible to minimize risks and ensure the protection of your business. Stay alert and protect yourself against scams with fake Pix apps!
