{"id":368,"date":"2020-10-23T14:32:53","date_gmt":"2020-10-23T17:32:53","guid":{"rendered":"https:\/\/btb-website.azurewebsites.net\/?p=368"},"modified":"2023-04-19T16:12:07","modified_gmt":"2023-04-19T19:12:07","slug":"roubo-de-dados-p","status":"publish","type":"post","link":"https:\/\/www.btbtelecom.com\/en\/2020\/10\/23\/roubo-de-dados-p\/","title":{"rendered":"Received a link to register your pix? Take care, it can be a scam."},"content":{"rendered":"<p>According to a report published on the Kaspersky blog, the company's security experts detected, in less than 24 hours, the registration of 30 domains with the term <strong>&#8220;Pix&#8221;<\/strong> to send malwares and phishing campaigns to steal data, which can later be used in fraud. <\/p>\n\n\n\n<p>This happened on the day that banks of all of the country sent links to registering on Pix, new eletronic payment system on central bank.<br>\nPlease note that when Government announced the emergencial aid in April, there was detected 100 domains with the same goal.<\/p>\n\n\n\n<p>&#8220;<em>O registro de dom\u00ednio \u00e9 a primeira etapa do golpe e foram encotrados dom\u00ednios maliciosos como: pixbrasil.tech; pixempresas.com; suportepix.online e pix.atualizacaowebsegura.gq&#8221;,<\/em> said one of the experts.<\/p>\n\n\n\n<p>From domain registration, criminals can use websites to share malwares or put fake sites on web. See ahead the main scams that are being practiced.<\/p>\n\n\n\n<p>1- <strong>Scams to carry out malware infection of victim's device<\/strong><\/p>\n\n\n\n<p>Criminals uses emails, social networks or SMS offering to register in the electronic payment system. By clicking on the link, the victim is directed to this domain, the website offers to download a malicious file, which can change according to the victim's operating system: if the link is accessed by a Windows computer, the download is offered of a .ZIP file with a malicious attachment. However, if the access is from an Android smartphone, it will be a malicious app. Both will install a RAT (remote access tool) that will allow fraudsters to gain remote access to the infected device, or allow the collection of important information.<\/p>\n\n\n\n<p><strong>2. Fake messages that want to steal Internet Banking or Mobile Banking access credentials<\/strong><\/p>\n\n\n\n<p>In the same way as malware-spreading attacks, email, social media or SMS messages offer Pix registration, but in this case take the victim to a fake banking website. On the fake page, the victim will be asked to access the bank account and will also be asked for authentication codes (tokens) present on the password card or in apps. With this data, criminals can gain access to the victim's bank account and steal their balance, making fraudulent payments or transfers to other accounts.<\/p>\n\n\n\n<p><strong>3. Phishing scams to steal personal data that can be used as Pix keys<\/strong><\/p>\n\n\n\n<p>The first two types of attacks only use Pix as bait, but the move itself is unrelated to the new system. However, this 3rd type of scam is used to collect victims' personal data that can be used in payment system fraud in the next month. He was initially identified two weeks ago.<\/p>\n\n\n\n<p>The main tip to not fall for these scams is to access only the official channels of the bank in which the user has a relationship, if you have difficulty registering Pix, contact support and\/or manager of the institution.<\/p>\n\n\n\n<p><em>Source: kapersky.com.br<\/em><\/p>","protected":false},"excerpt":{"rendered":"<p>Segundo reportagem publicada no blog Kapersky, os especialistas de seguran\u00e7a da empresa detectaram em menos de 24h, o registro de 30 dom\u00ednios com o termo &#8220;Pix&#8221; para envio de campanha de malware e phishing para o roubo de dados, que posteriormente poder\u00e3o ser utilizados em fraudes. Isso aconteceu no dia em que os bancos de [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":373,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[51],"tags":[],"class_list":["post-368","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-seguranca"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/posts\/368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/comments?post=368"}],"version-history":[{"count":8,"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/posts\/368\/revisions"}],"predecessor-version":[{"id":379,"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/posts\/368\/revisions\/379"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/media\/373"}],"wp:attachment":[{"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/media?parent=368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/categories?post=368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.btbtelecom.com\/en\/wp-json\/wp\/v2\/tags?post=368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}