Mobile fraud attempts are on the rise. Learn how to protect yourself!
Posted: Sun Dec 22, 2024 5:24 am
Consumers have barely gotten used to the term "m-commerce" and the mobile version of internet banking, and fraudsters are already working to exploit the weaknesses of these operations. Among online fraud attempts in 2014, 7% originated from a mobile device – in 2015, this percentage is expected to reach 18%, according to a study by ClearSale, a company specializing in fraud prevention solutions.
"Scammers have focused on card-not-present transactions, which are carried out through online stores and internet banking. Therefore, they only need the victim's personal and financial data," explains Hugo Costa, director of ACI Worldwide in Brazil, a multinational company that offers payment solutions.
With third-party data in hand, fraudsters act in a variety of ways: they email list france accounts in banks or "front" companies to commit scams, apply for credit cards, acquire telephone lines and finance products, especially electronics and automobiles, according to Serasa Experian.
Panorama
At the end of 2014, transactions carried out via mobile commerce, or m-commerce (store websites in mobile format), accounted for 9.7% of all e-commerce sales, according to a report by online shopping website e-Bit.
Almost half of banking transactions in Brazil are now carried out via mobile and internet banking (47% in 2014), according to a survey by the Brazilian Federation of Banks (Febraban).
Brazil closed 2014 with 6.76 million active 4G lines, which represents a growth of 416.55% compared to 2013, according to the National Telecommunications Agency (Anatel).
Statistics reveal that people's behavior is changing, that the use of mobile and online channels is growing, and experts assure that fraudsters are aware of these changes.
How do they get the data?
Kaspersky security expert Fabio Assolini warns that fraud on mobile devices basically occurs in three ways: fake websites and apps from stores and banks, phishing and public Wi-Fi.
When installing a fake app, the user actually downloads a virus. The fake pages display exuberant offers and, when simulating the purchase, the fake website only offers one purchase option, using a credit card, at which point the data is captured.
In 2012, the internet security software development company detected the use of phishing in mobile format for the first time in Brazil. This type of attack begins with an email requesting a click to activate a specific access and, upon clicking, the user is directed to a fake page, already configured in mobile format, which requests the victim's data.
Data fraud via Wi-Fi occurs when the owner of a connection or another user connected to the same network has malicious intentions and carries out the attack in real time, directing the victim to a fake website or to obtain personal or credit card information. "In terms of security, I compare public Wi-Fi to a public bathroom. People arrive at a coffee shop and connect right away. Use your 3G connection instead or wait until you get home," advises Assolini.
Technology
Despite the loopholes found by criminals, online security experts are unanimous regarding Brazil's technological pioneering role.
"To prevent gift card fraud, Brazil has adopted pioneering measures, such as chipped card technology, for example, which is only now arriving in the US. After the chip, cloning physical cards became expensive and fraudsters are migrating to the virtual environment," explains Omar Jarouche, statistician at ClearSale.
To ensure customer security in online transactions, there is online authentication, which alerts you to a fake page, encryption, which transforms information sent and received into codes, and products for detecting and preventing risks based on the reputation of the device accessing the internet and the user's transaction history.
"The software works through systems of rules and neural and analytical models. Researchers have created intelligent algorithms and systems. So, if someone, for example, who never buys electronics buys a 50-inch TV online in the early hours of the morning, the system detects and warns about the risk in real time," explains Joel Nunes, ACI manager in Brazil.
Whose fault is it?
No matter how complex and efficient the available technology is, the behavior of Brazilian consumers is still risky and easily puts them in situations of fraud, warns Nunes.
"It's easy to commit fraud: criminals only need your address, CPF, card number and three security digits. So, protect your personal data," recommends Assolini. Experts recommend the following forms of protection, which apply to both mobile and desktop access:
Check if the store or bank website has a padlock;
Check if the page address starts with "https" (guarantee that the data is encrypted);
Check if the website has a digital security certificate;
Before buying from online stores, check their reputation on the internet;
Be wary of little-known companies with very advantageous offers;
Avoid sensitive purchases and transactions using public Wi-Fi;
Be wary of emails in the form of sweepstakes, contests and prizes;
When the message "click here" appears, only click if you are sure it is trustworthy;
Keep your browser secure with trusted apps. There are free solutions;
Keep your browser up to date;
Install antivirus and keep it updated;
When opening a bank account, question the security mechanisms they offer in internet banking, such as sending the Token, for example;
Track your statement weekly.
If someone discovers fraud after checking their statement, companies advise that the person contact their bank and block their card. Filing a police report can help the Digital Crimes Division search for the fraudster's IP address and arrest the criminals.
"Scammers have focused on card-not-present transactions, which are carried out through online stores and internet banking. Therefore, they only need the victim's personal and financial data," explains Hugo Costa, director of ACI Worldwide in Brazil, a multinational company that offers payment solutions.
With third-party data in hand, fraudsters act in a variety of ways: they email list france accounts in banks or "front" companies to commit scams, apply for credit cards, acquire telephone lines and finance products, especially electronics and automobiles, according to Serasa Experian.
Panorama
At the end of 2014, transactions carried out via mobile commerce, or m-commerce (store websites in mobile format), accounted for 9.7% of all e-commerce sales, according to a report by online shopping website e-Bit.
Almost half of banking transactions in Brazil are now carried out via mobile and internet banking (47% in 2014), according to a survey by the Brazilian Federation of Banks (Febraban).
Brazil closed 2014 with 6.76 million active 4G lines, which represents a growth of 416.55% compared to 2013, according to the National Telecommunications Agency (Anatel).
Statistics reveal that people's behavior is changing, that the use of mobile and online channels is growing, and experts assure that fraudsters are aware of these changes.
How do they get the data?
Kaspersky security expert Fabio Assolini warns that fraud on mobile devices basically occurs in three ways: fake websites and apps from stores and banks, phishing and public Wi-Fi.
When installing a fake app, the user actually downloads a virus. The fake pages display exuberant offers and, when simulating the purchase, the fake website only offers one purchase option, using a credit card, at which point the data is captured.
In 2012, the internet security software development company detected the use of phishing in mobile format for the first time in Brazil. This type of attack begins with an email requesting a click to activate a specific access and, upon clicking, the user is directed to a fake page, already configured in mobile format, which requests the victim's data.
Data fraud via Wi-Fi occurs when the owner of a connection or another user connected to the same network has malicious intentions and carries out the attack in real time, directing the victim to a fake website or to obtain personal or credit card information. "In terms of security, I compare public Wi-Fi to a public bathroom. People arrive at a coffee shop and connect right away. Use your 3G connection instead or wait until you get home," advises Assolini.
Technology
Despite the loopholes found by criminals, online security experts are unanimous regarding Brazil's technological pioneering role.
"To prevent gift card fraud, Brazil has adopted pioneering measures, such as chipped card technology, for example, which is only now arriving in the US. After the chip, cloning physical cards became expensive and fraudsters are migrating to the virtual environment," explains Omar Jarouche, statistician at ClearSale.
To ensure customer security in online transactions, there is online authentication, which alerts you to a fake page, encryption, which transforms information sent and received into codes, and products for detecting and preventing risks based on the reputation of the device accessing the internet and the user's transaction history.
"The software works through systems of rules and neural and analytical models. Researchers have created intelligent algorithms and systems. So, if someone, for example, who never buys electronics buys a 50-inch TV online in the early hours of the morning, the system detects and warns about the risk in real time," explains Joel Nunes, ACI manager in Brazil.
Whose fault is it?
No matter how complex and efficient the available technology is, the behavior of Brazilian consumers is still risky and easily puts them in situations of fraud, warns Nunes.
"It's easy to commit fraud: criminals only need your address, CPF, card number and three security digits. So, protect your personal data," recommends Assolini. Experts recommend the following forms of protection, which apply to both mobile and desktop access:
Check if the store or bank website has a padlock;
Check if the page address starts with "https" (guarantee that the data is encrypted);
Check if the website has a digital security certificate;
Before buying from online stores, check their reputation on the internet;
Be wary of little-known companies with very advantageous offers;
Avoid sensitive purchases and transactions using public Wi-Fi;
Be wary of emails in the form of sweepstakes, contests and prizes;
When the message "click here" appears, only click if you are sure it is trustworthy;
Keep your browser secure with trusted apps. There are free solutions;
Keep your browser up to date;
Install antivirus and keep it updated;
When opening a bank account, question the security mechanisms they offer in internet banking, such as sending the Token, for example;
Track your statement weekly.
If someone discovers fraud after checking their statement, companies advise that the person contact their bank and block their card. Filing a police report can help the Digital Crimes Division search for the fraudster's IP address and arrest the criminals.