Table of Contents
After the Pix was implemented in Brazil, it has never been easier to make payments or direct transfers — and of course the scams would also arrive at the same intensity. Today we are going to show some data about Pix scams applied from 2022 to the first half of 2023, as well as bringing some tips so that you avoid being the next victim. Check it out below!
Pix scams in recent times
A study revealed that in 2022 Brazilians were the target of 1,7 million blows financial information related to Pix. The research, conducted by fintech Silverguard, found that four out of ten Brazilians were victims of some fraud attempt when using this means of payment. Also according to the survey, one in five people who received a fraud attempt ended up falling for the scam. The most common scams involving Pix include:
- Fake Central Banking: This modality, in which the scammer requests the reversal of a fake Pix, accounts for 38% of occurrences;
- False Investment: Scammers offer investment opportunities that promise to multiply victims' money;
- False Relative: The scammer pretends to be a relative in need of money, representing 20% of incidents;
- Fake Product or Store: It involves the purchase of a product that is never delivered, accounting for 18% of frauds;
- Hacked Social Network: Scammers make purchases of products in the name of acquaintances whose accounts have been cloned, accounting for a significant portion of incidents.
These alarming numbers highlight the importance of remaining vigilant and adopting security measures when using Pix as a payment method. Below we have compiled some tips and general guidelines so that you can feel safer when choosing Pix as your payment or transfer method.
Special Return Mechanism (MED)
Have you been the victim of a scam through Pix? O central bank has a tool that helps all those who go through this through MED, a financial security resource. O MED, or Special Return Mechanism, is a feature of the Brazilian Instant Payment System (SPI) and Pix, which was implemented to allow users to return amounts received by mistake, improperly or to victims of scams.
MED is an important tool for ensuring the security and reliability of transactions in the Pix environment. It allows the recipient of a Pix transfer, upon identifying that they have received an amount by mistake, to request the return this amount to the sender. This is especially useful in cases of typing errors in the recipient's CPF/CNPJ or Pix key, duplicate transfers, people who are victims of scams of Pix or any other situation in which the transfer was not carried out correctly.
O Special Return Mechanism is a set of Pix operating rules and procedures that allows the institution receiving the Pix transaction to evaluate the case and, when necessary, return the amount received to the sender, as long as the amount still be on the target account. This process must occur within a period of up to seven calendar days from the return request.
On average, 7 out of 10 return requests made through the MED system are rejected. Of these rejections, 89% occur due to a lack of balance or the closure of the account that received the money. This means that, in most cases, scammers act quickly after the fraud, transferring the funds to other accounts or withdrawing the money, making it difficult or impossible to recover the funds.
When returns are accepted, only 35% of them are carried out in full. In other words, two out of every three returns are partial and generally involve very low amounts. In the entire year 2022, only 6% of the total R$3,1 billion in requests made through the MED system were effectively returned to the applicants.
How to request a MED?
The Special Return Mechanism is an exclusive feature of the system Pix, designed to simplify the refund process in cases of fraud, increasing the chances of the victim recovering their funds. To trigger the MED, you must request a refund through your financial institution within 80 days after completing the Pix transaction, if you have been a victim of fraud, scam or crime. According to the Central Bank itself, the process works as follows:
- You submit the complaint to your financial institution — i.e. varies depending on each bank;
- The institution evaluates the case and, if it determines that it meets the MED guidelines, the resources sent to the recipient of your Pix transaction are temporarily blocked;
- The case goes through a analysis that takes up to 7 days. If the conclusion is that there was no fraud, the resources are unlocked and returned to the recipient. However, if fraud is confirmed, you will receive a full or partial refund within 96 hours.
Furthermore, MED can be triggered when an operational failure occurs in your financial institution's Pix system, such as a duplicate transaction. In this case, the institution evaluates the failure and, if confirmed, returns the money within 24 hours.
How do Pix scams work?
Pix-related scams can take various forms and, for the most part, are carried out through fraud techniques. Phishing, whose objective is to extract information from users through fraudulent messages that appear to be from financial institutions. The term "Phishing” comes from English and means “fishing“. This is the strategy used in this type of scam: sending messages in large quantities and waiting for some people to “take the bait".
In the typical scenario, the scammer pretends to be a bank and asks the user to register their Pix keys on fake websites. By doing this, the victim ends up sharing personal information, such as Tax ID (CPF), phone number e e-mail with the fraudulent entity. Scammers then manage to gain access to this data, which is used as Pix keys.
Another common approach involves convincing the victim that there is a problem with their bank account and that resolution requires downloading an app or opening a link that installs a malware (a type of virus) on the mobile device without the victim noticing. Once installed, the malware grants access to user information and can modify the functioning of the banking application.
Furthermore, criminals can also pose as stores e big retailers, luring victims with false offers. In these cases, the victim is tricked into completing a payment transaction on a fake shopping website. Only after completing the transaction does she realize she fell for a scam.
Discover some scams
Below we will show the scams that are most commonly applied via Pix. At the end, we will also show you tips to protect yourself from these scams.
Phishing
The messages from Phishing they are carefully crafted, with formatting and images designed to mimic legitimate business communications. In the context of Pix, scammers often impersonate financial institutions, falsely alerting customers about problems with their accounts or asking them to register their keys, which contain personal data, in malicious links.
When the recipient opens the message, it is common to find a link that directs them to a fake website, designed to look like the institution's legitimate website. It is at this point that the scam is carried out: the user, believing that they are in an authentic environment, provides the requested data. Subsequently, this information is misused by scammers, who pretend to be the victim.
Thus, the Phishing relies on manipulating trust and resemblance to real communications to deceive people and obtain sensitive information fraudulently. It is essential that users are alert and take precautionary measures when dealing with suspicious messages, especially those related to financial information.
Falso employee
In this type of fraud, the scammer pretends to be a bank or company employee. financial institution responsible for the victim's Pix account. This approach usually takes place via telephone, email or text message (either SMS or WhatsApp), with the fraudster posing as a member of the bank's technical support or security team.
The scammer then claims that, to guarantee the security of the account, it is necessary to carry out a “verification" or "tests" in the system. Part of this procedure involves the user making a transfer via Pix, usually to an account controlled by the scammer.
For example, the fake employee may state that “to complete the security update of your account, you need to make a Pix of R$1. This will serve to confirm account ownership and reinforce protection against fraud”. Without realizing that it could be a scam, the victim makes the transfer, believing they are contributing to their own security, but, in reality, they are sending money to the scammer.
It is essential to keep in mind that financial institutions and banks never ask customers to make transfers or disclose their passwords as part of security procedures. Any request in this regard must be viewed with suspicion and immediately reported to the responsible institution. Prevention and awareness are essential to avoid falling for this type of scam.
WhatsApp cloned
A WhatsApp cloning is a scam in which a fraudster manages to duplicate your WhatsApp account on another device. To accomplish this, the scammer typically poses as an employee of a company and asks you to confirm a verification code sent to your cell phone number.
Once they have access to your WhatsApp account, the scammer can impersonate you and request friends and family who make transfers via Pix to an account under the fraudster's control, often claiming an emergency situation.
It is essential to never share verification codes or other sensitive information related to your WhatsApp account. It is important to remember that legitimate companies and institutions never ask for this type of information through messages. Vigilance and precaution are essential to protect yourself against this type of scam.
QR Code scam
the blow of Fake QR Code is a fraud where criminals generate a code for the victim to supposedly carry out a transaction, but which, in fact, directs the payment to an account other than the intended one. For example, you may receive a message from someone pretending to be a company, with a QR Code to pay for a product or service.
By scanning the code and carrying out the transaction via Pix, the money goes to the scammers account instead of the real company. In this case it is crucial to always confirm the origin and veracity of a QR Code before carrying out any transaction. Never make payments via Pix from codes received via email or message, without first confirming your legitimacy.
Pix key changed
Already Pix key exchange happens when scammers trick the victim into registering a Pix key that belongs to them. This key can be a phone number, CPF, email or even a random key. For example, a scammer may pose as a bank employee and ask you to register a “new Pix key for security“. This new number is, in fact, controlled by the scammer.
When you register this key in your name, all transfers sent to it go directly to the fraudster's account. It is essential to remember never to register a Pix key that someone else has provided to you. Pix keys must always be your property and control.
Tips to avoid Pix scams
And now we're going to show some tips that users can follow to avoid falling for Pix scams. Since you already know the most common scams, now see how to protect yourself from them.
Confirm destination data
It is very important to maintain a high level of vigilance when carrying out transactions via Pix. Scammers have taken advantage of the ease of this system to pose as acquaintances and request transfers. Therefore, always carefully check the recipient's details before making a Pix. Make sure the information matches that of the legitimate contact, and if in doubt, contact the person directly through another platform or method to confirm the request. Despite being simple, this prevention tip is the key to avoiding falling for financial scams.
Activate two-factor authentication on WhatsApp
Always be alert to requests for money, especially those that appear to come from people you know. If you receive a transfer request, consider calling the person to confirm, but avoid using the WhatsApp to do so, as the account may be compromised. Also, never share the validation code sent by the app unless you initiated the request. For further strengthen your account security, we highly recommend using the two-step verification tool. Activating this function is simple:
- on devices iOS (iPhone): Go to Settings > Account > Two-Step Verification > Activate.
- on devices Android: Go to Settings > Account > Two-Step Verification > Activate.
By following these steps, you add an additional layer of security to your account, protecting it against unauthorized access attempts. The security of your financial data is of utmost importance, and measures like these help keep your information protected.
Avoid accessing suspicious links
Never share your personal data and passwords with third parties. If you receive a call or message requesting confidential information, it is essential not to disclose it, as it could be a scam whose objective is to gain access to your data and carry out transactions in your name. Furthermore, when browsing the internet, it is important to have plenty of be careful when clicking on links. Check the authenticity of links and websites before accessing them.
When making a transfer via Pix, make sure to use only the official channels of the financial institution or platform you are using. When receiving offers and advertisements, it is important to investigate the provenance carefully. Be alert for possible false sales and verify the veracity of the information before finalizing any purchase.
Don't use public Wi-Fi for Pix
It is even common for people to use Wi-Fi networks available in places such as public transport and restaurants. However, it is essential to take precautions when connecting to these networks as security in them is not always robust, which can make it easier for hackers to access your personal information. Therefore, it is advisable to avoid carrying out banking transactions while connected to these networks. If possible, use your own data package or wait until you arrive at a location with a more secure network to ensure your personal information is protected.
Be wary of unknown calls and SMS
It is essential to never make calls to telephone numbers (0800) provided through SMS or other suspicious messages. Instead, always use your bank's call center phone number or contact your manager directly.
It is true that banks often contact customers to verify suspicious transactions, however, it is important to note that they never request sensitive information such as passwords, tokens or other personal data during these calls. Furthermore, banks never call asking customers to make transfers, Pix or any type of payment over the phone.
And you, what did you think of the safety tips? Do you already use any of them? Tell us Comment!
See also:
Source: Mail Braziliense
reviewed by Glaucon Vital in 11 / 9 / 23.
Discover more about Showmetech
Sign up to receive our latest news via email.