Caixa Econômica Federal (CEF) admitted yesterday (21) that “hundreds of thousands” of Emergency Aid accounts were defrauded by cybercriminals, and a report published today (22) by the digital security company Axur helps to understand the real dimension of the problem .
There are so many fraud attempts in Digital Savings for the payment of Emergency Aid that Brazilian hackers have practically created a cybercrime “task force” to take advantage of the gains of the new opportunity generated by the fragile security of CEF.
The main evidence of this change in the focus of criminals is the historic drop in the number of phishing scams tracked by Axur in Online Criminal Activity in Brazil in the second quarter of this year. There was an unusual decrease of 12.26% in this type of coup in the country, according to the report; and Fabio Ramos, CEO of Axur, related this drop to the new possibilities of fraud provided by Emergency Aid.
“We have seen a very significant increase, quarter after quarter, in phishing cases in Brazil. So we are going through a very atypical moment, and criminals are looking for the blows that give them more traction or results. With the emergence of Emergency Aid, which was done in a hurry and made a series of frauds possible, criminals chose to target the blows in this government program – according to information we collected on the dark web ”, explained Ramos in an exclusive interview to TecMundo.
Ramos believes that, once the payment of the Aid is finalized, the number of phishing scams should increase again in Brazil, a country that has one of the highest rates of criminal activities of this type in the world.
“I usually say that criminals don’t like to work. If they liked it, they wouldn’t be in crime. So they always look for the easiest way to make money and make the scam. Obviously, the volume of fraud related to Emergency Aid is very large and easy to take advantage of. On the one hand, there is phishing, which has a good return rate, but on the other there is Aid; so they went straight to where they give the most money, ”said Ramos.
Is it that easy?
There are two fundamental factors that make Emergency Aid so easy to defraud. The first is the wide availability of complete data from Brazilian citizens on the dark web for sale or tools to capture this data. The second is a “security breach” of Caixa Tem, the app created by CEF to operate Digital Savings in which the amounts of the Aid are deposited.
This flaw is not exactly a loophole that the bank missed, but rather a “resource” deliberately developed so that more people could have quick access to funds for citizens affected by the economic crisis.
Caixa Tem allows each Android or iOS device to register and operate multiple Emergency Aid accounts at the same time. This, theoretically, would facilitate access to money for people who did not have a compatible cell phone to operate their own account. The idea is that other beneficiaries would help these individuals without access to the internet to request and even move their money.
In an interview with InfoMoney, CEF President Pedro Guimarães made it clear that this situation was largely abused by criminals to deliver coups. In this way, all “hundreds of thousands” of accounts that were moved together on the same device were blocked by Caixa.
“We have evidence that the vast majority [of multiple accounts on one device] were used by hackers. But some honest people were penalized, “he explained. The blocked accounts will only be released again when the beneficiaries appear at a Caixa branch to prove their identity.
Organized cyber crime
According to analysis by Fabio Ramos, CEO of Axur, the rapid reaction of criminals to the possibilities generated by the Caixa Tem security breach happened because there is a well-defined organization among cybercriminals.
“There is the person who captures the victims’ data, the ones who validate and enrich the data, and this division goes on until the end, with the individual who goes to the checkout to withdraw the money from the fraudulent account. And they are all part of different groups, ”he said.
With the announcement of Emergency Aid, people started to search for a lot of information on the topic on the internet. Because of this trend, fake pages and applications started to trick users to obtain personal data, which were later used to request and defraud Caixa Tem accounts.
Ramos also pointed out that fake apps were available even in official mobile app stores, such as the Play Store. They simulated not only Caixa tools made for Emergency Aid, but also other services, such as SUS, Ministry of Health and more.
“In this moment of fragility, with unemployment and lack of money, people do not rationalize much, and criminals take advantage of this fear and anxiety that support the success rate in a coup,” explained Ramos. “The Government also leaves some gaps. It is not so easy to get official information, and as we are today ‘drowned in information’, sometimes people believe more in what is running on WhatsApp because they received it from a friend or relative. These gaps in official communication end up making room for criminals. ”