Pix coup: victim reports new modality used by criminals

Do you remember life before Pix? The platform launched by the Central Bank in 2020 fell in love with Brazilians and revolutionized the way in which the population makes payments. However, as the saying goes “with great power, great responsibility”, the Pix has become the target of criminals, who plan a series of scams.

The newest of them gained repercussions on Twitter this week. The report, made by journalist Marcella Centofanti in a thread on the social network, already has more than 20,000 likes and 2 million views.

Marcella says that, at first, she received a call from someone pretending to be an employee of Banco Itaú. First, the fake clerk told the woman that her account had been hacked and, for security purposes, blocked.

SCAM ALERT. I almost fell into a pix scam today. A guy called me saying he was an Itaú employee. He said that my account had been hacked and, as a security measure, blocked. Articulate and with a calm tone of voice, he asked to confirm my last operations (cont)

— Marcella Centofanti (@marcellacento) February 8, 2023

“Articulated and with a calm tone of voice, he asked to confirm my last bank operations. He quoted what came out and got into my account in the last few days. Everything EXACT”, reported Marcella.

The journalist says that the fake attendant asked her to enter the bank application. She then accessed the platform and saw that the account was indeed blocked. The scammer asked the woman to create a new password. He even advised her not to share the data with anyone and even recommended that she file a police report.

“All this while, according to him, the bank was scanning my transactions in search of possible fraudulent actions”, explains Marcella. She also reports that, even when the call was interrupted by a pause, she was able to hear the same music that she hears when she makes a call to Itaú.

“After cooking me for about 20 minutes, he [o falso atendente] asked if I had accessed my account from two iPhones two days earlier. I denied it. According to him, these phones had accessed my account in Santo André. Afterwards, he asked if I recognized 3 deposits in amounts of 9 to 10 thousand reais each. He cited the names and banks of those addressed. I vehemently denied it, by now completely desperate.”

THE SCAM

According to Marcella, the scammer asked her to enter the app, make the same transfer that the “iPhone bandit from Santo André” made, with the same amount, to the same account, because then the bank would recognize the duplicity and cancel the operation. .

It was ONLY at that point that I really became suspicious. Until then, it looked too round to be a hit. I argued that that operation made no sense. As he had already given me the call protocol, I said I would call Itaú to check the authenticity of the call. For the first time, I felt a nervous tone in his voice, until then monotonous, like all call-center calls”, he says.

The scammer even said that if the operation was not canceled by a certain time, the bank would not be responsible for the fraud.

Afterwards, Marcella called her bank manager and, before she finished the story, her assistant said: “Itaú does not ask you to make a transfer to cancel another one. It’s a blow.”

In one of the posts, the journalist says she is afraid of having her account hacked and “scraped”. “What do you mean the crooks have access to such sensitive data from my bank account?”, She asks. ”Until now I have no idea how this happened. No one else has access to my app. The password there was unique. I don’t click on bank links. Notice that the bandit didn’t ask me for any data. He pretended to be concerned for my safety.”

POSITIONING OF ITAÚ

Sought by CNN, Banco Itaú commented on the case. Check the note:

“Itaú Unibanco has data security and protection as a priority and continuously invests in technologies to strengthen systems, applications and confidentiality of information, in addition to strictly following all the guidelines of regulatory bodies.

The bank reinforces the guidelines for customers to be aware of possible attempts at scams involving approaches from false security centers or false employees of the institution. In this sense, it clarifies that calls received by customers requesting any document, passwords, registration and financial data, chargebacks or carrying out transfers are not practices of the institution, therefore, customers should not, under any circumstances, type or inform passwords on the telephone device when they did not make the call in an active and spontaneous way. Strictly following these practices, scammers will not have any way of improperly accessing or moving the customer’s checking account.

As the bank communicates recurrently and through different channels, if you receive a call with this type of approach or are in doubt about the veracity of the contact, the customer must immediately hang up and, from another telephone device, contact the central service desk or your bank manager. These and other safety guidelines are also available on the website itau.com.br/seguranca”.

Don’t know how to protect yourself and what to do if you fall into a scam? Check out a guide made by CNN Brazil Business in this link.