contador web Saltar al contenido

Phishing and fake buying: remember the biggest online scams of 2019 | Security

Phishing attacks on WhatsApp, fake purchases on Mercado Livre and "shakes shakes" in transport apps are among the biggest online scams of 2019. These pitfalls have been recurring in the past twelve months and have made thousands of victims in Brazil. Globally, criminals have refined tactics applied to established crimes, such as sextorso, jackpotting and file hijacking, showing that these threats have not lost their strength. Thinking about it, the TechTudo gathered the main virtual attacks that occurred in 2019.

READ: Site promises to show who has entered your Instagram; see risks

WhatsApp: five tips for using the app safely

WhatsApp: five tips for using the app safely

Phishing scams are the main cyber threat in Brazil, according to experts. Although most campaigns start via email, in 2019 the attacks expanded to social networks like Facebook and Instagram and even to systems historically recognized for their security, such as Apple's.

The messenger is the preferred target of criminals because it allows the campaign to be easily and quickly shared among the victims: to receive the supposed benefit or gift, the person needs to forward the message to a certain number of groups or contacts. When the user "takes the bait", scammers are able to redirect them to pages with fake ads that generate profits at each view and steal personal and financial data.

2. 'Shakes shakes' at Uber and 99

Uber hit 99 and makes racing four times more expensive Photo: Divulgao / UberUber hit 99 and makes racing four times more expensive Photo: Divulgao / Uber

Uber hit 99 and makes racing four times more expensive Photo: Divulgao / Uber

Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo

The so-called "shakes shakes" hurt many passengers of 99 and Uber in 2019. In this scam, drivers circumvent the GPS of the transport app so that trips need to follow a route longer than necessary. The cunning trap: although you can see that the path is longer than usual, the passenger is unable to perceive the blow effectively, since the driver is following the path indicated by the GPS. On social media, there are race reports that are almost four times more expensive than what was prayed for by the app.

3. Fake purchase on the Free Market

Imagine advertising a product on Mercado Livre, receiving a purchase confirmation email and even posting the item at the Post Office when, in fact, the "buyer" did not pay a cent for the transaction. It happened to many people who use the site to generate extra income in 2019. Using the seller's interest in closing a deal, scammers induce the victim to send the products before payment is made. To this end, they tampered with e-mails from Mercado Livre and falsified shipping labels with instructions and standard procedures for the sales platform.

Criminals use Mercado Livre to hit people who advertise products on the platform Photo: Eduardo Machado / TechTudoCriminals use Mercado Livre to hit people who advertise products on the platform Photo: Eduardo Machado / TechTudo

Criminals use Mercado Livre to hit people who advertise products on the platform Photo: Eduardo Machado / TechTudo

In such cases, the tip is to pay attention to the veracity of the email sent and check if the message really has as a sender the Mercado Livre or Mercado Pago. Furthermore, it is of utmost importance to carry out the entire operation within the e-commerce platform and not to inform, under any circumstances, email address or WhatsApp number.

Jackpotting is the name given to the scheme in which thieves hacked the ATM system, causing machines to "spit" money after a command. In March, criminals used malware marketed on the deep web to dig through the most valuable CD storage drawers and withdraw money.

Jackpotting scam that steals money from ATMs Photo: Divulgao / KasperskyJackpotting scam that steals money from ATMs Photo: Divulgao / Kaspersky

Jackpotting scam that steals money from ATMs Photo: Divulgao / Kaspersky

Trojans were also used in this scam modality: in July, researchers from cybersecurity company Kaspersky detected a programmed threat to infect the banking network of financial institutions and track machines in order to break into and control them.

Although sextorso scams are not new on the Internet, there was no shortage of people falling for this type of fraud in 2019. Criminals can use various means from spambots to management platforms and blog editing, but the approach does not usually vary a lot: in general, they say they have recordings made while users watch porn movies and demand payment of a bitcoin ransom in order not to post alleged intimate videos of the victim on the web.

Sextorso scams threaten to release intimate videos and make victims in 2019 Photo: Pond5Sextorso scams threaten to release intimate videos and make victims in 2019 Photo: Pond5

Sextorso scams threaten to release intimate videos and make victims in 2019 Photo: Pond5

To avoid falling into this type of scam, make sure that your computer or cell phone has the antivirus always up to date, which reduces the chances of hackers accessing the camera remotely. In addition, it is recommended to avoid sharing intimate content through emails or messaging applications, especially with strangers or little-known people. Remember to also disable the upload of this type of media in the cloud, since, in case of theft of the service user password, the data can be accessed by third parties.

Estimates of amounts requested as ransomware scam ransom exceed $ 5 million Photo: Joo Balbi / TechTudoEstimates of amounts requested as ransomware scam ransom exceed $ 5 million Photo: Joo Balbi / TechTudo

Estimates of amounts requested as ransomware scam ransom exceed $ 5 million Photo: Joo Balbi / TechTudo

The ransomware scams, in which criminals encrypt victim files and charge a cash amount for the ransom, came out in 2019. According to Kaspersky researchers, there were more than 170 attacks this year, and estimates of the amounts demanded for ransom exceed the $ 5 million. The number of campaigns represents an increase of at least 60% compared to 2018. Education, government, retail and health are among the sectors most targeted by criminals in Brazil.

7. Scam to steal bank details

Banking data is a frequent target of criminals, and in 2019 it was no different. At the beginning of the year, a malware campaign simulated pages of Brazilian financial institutions to intercept customer data and made more than 28 thousand victims. The month of July, in turn, was marked by the return of an already known threat: the malware WannaCry, responsible for an outbreak of ransomware that spread around the world in 2017, returned in the form of WannaLocker, which attacks smartphones of bank customers. Brazilians.

Scams to steal bank details were recurring in 2019 Photo: Pond5Scams to steal bank details were recurring in 2019 Photo: Pond5

Scams to steal bank details were recurring in 2019 Photo: Pond5

Another highlight of 2019 was Guildma, a malicious agent that spreads through targeted phishing emails that contain invoices, invoices, research invitations and other types of fake messages. From the beginning of the year until August there were about 27 thousand victims, including 130 banks and another 75 online services in the world, such as Netflix, Facebook, Amazon and Gmail.

How can I stay safe?

To protect yourself from any and all online threats, the first step is to keep your device's antivirus up to date. Also, avoid clicking on links of unknown or suspicious origin, as many of them open doors for phishing campaigns and downloading malicious software that steal or hijack data.

Some attacks, however, require specific care. In the case of jackpotting scams, for example, the recommendations include avoiding ATMs in public places and giving preference to machines within bank branches. It is also important to find out if there are any foreign devices connected to the ATM, such as spare keyboards or cameras.

Finally, always be attentive and suspicious. If criminals pose as representatives of online stores or banks, for example, do not hesitate to contact the institution in question to attest to the veracity of the communication.

How to remove viruses from PC? See tips in the TechTudo forum

How to post on WhatsApp Status from your computer

How to post on WhatsApp Status from your computer