"Comunicado-BB: There are errors in your access": this is how the SMS that bandits send to cell phone users all over Brazil begins. Their goal is to use the name of the famous bank to attract clicks. The message presents the address of a website that replicates the look of Banco do Brasil. However, it is fake and can steal the information from the Internet user.
The situation keeps recurring. To answer your main questions and help you arm yourself against digital criminals, we spoke with the biggest banks in the country: Itaú Unibanco, Bradesco, Banco do Brasil and Caixa Econômica Federal. At stake is your security and how to protect yourself from threats that arrive by SMS.
Fake notice includes a link to a Spanish website (ending in .es). Photo: Thássius Veloso / TechTudo
Banks use special numbers
Digital security experts are unanimous in recommending that users be cautious when receiving a message that claims to come from a financial institution. The first step is to look at the phone number the SMS came from. As a rule, the largest companies in the sector use technology that automates the sending of messages. They also adopt a different format from the one used for fixed and mobile lines.
The traditional (xx) 9xxxx-xxxx gives way to shorter numbers. These are the senders most used for communications from banking conglomerates:
- Itaú uses 24828, according to tests carried out in the newsroom. The company said it does not have a standard, which means that other numbers can also be employed.
- Bradesco has 2370 and 30330, among others. "We use short codes for sending SMS. They are never complete cell phone numbers, but several numbers are used," the bank says in a note.
- Banco do Brasil says it uses 4004-0001.
- Caixa uses the numbers 22492, 28112, 27182, 27104 and 10104.
Santander and Safra banks prefer not to give details on how they handle automated SMS.
Antivirus developer ESET points out that "banks and other serious institutions generally do not request personal or financial information from their customers by email or SMS". The recommendation is in line with that of Banco do Brasil, which says it "never asks for passwords".
Itaú, the largest bank in the country, confirms sending messages that contain addresses of pages on the internet. The institution points out that every link sent to customers begins with done.vc/.
Fake website uses the Banco do Brasil brand and asks for bank information. Photo: Reprodução / TechTudo
The fake pages ask for important information, such as the account holder's branch, account number and password. In our experiment, the address that claimed to belong to Banco do Brasil reproduces the organization's brand and offers a menu with account statement and loan, among other options. All of it is fake.
The Brazilian Federation of Banks (Febraban) has a list of 18 security recommendations in the digital environment. Below are the guidelines for smartphone access.
- Do not click on links received through electronic messages.
- Watch out for messages of unknown content, especially if they have attached files or unsolicited links. Pay attention to those that arrive via instant messaging services, chat groups, social networks or e-mail.
- On cell phones, prefer to use your bank's application to make transactions, instead of the bank's website via a browser.
- Do not install applications or open files of unknown origin. They can contain viruses and other harmful programs that are hidden from the user and allow fraudsters to act on your account, using information captured as you type on the keyboard.
Banks invest about R$ 2 billion a year in information technology systems, according to the federation.
The simple tip of checking the sender's number tends to settle the question in most cases. Other signs, such as the Portuguese-language mistakes seen in the recent Bolsa Família scam, also turn up in criminals' messages. Users should also check the addresses of the pages. There is a profusion of links ending in .es. Such addresses are intended for companies based in Spain and are not used by the largest banks in the country.
If you want to confirm the information presented in the SMS, the most viable option is to open the bank's official application or access the official website.
There are antivirus apps for smartphones capable of detecting whether links redirect to pages with malicious files.
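The checks described in this article (sender number, presence of a link, address ending in .es) can be combined into a simple triage routine. The code below is an added example, not something provided by the banks or by TechTudo; the function name, the finding labels and the sample messages are constructed for illustration, and the sender list contains only the numbers quoted above.

```python
import re
from urllib.parse import urlparse

# Sender numbers quoted in the article. The banks say other numbers are also
# used, so a sender missing from this list is a warning sign, not proof of fraud.
KNOWN_SENDERS = {
    "24828": "Itaú", "2370": "Bradesco", "30330": "Bradesco",
    "40040001": "Banco do Brasil", "22492": "Caixa", "28112": "Caixa",
    "27182": "Caixa", "27104": "Caixa", "10104": "Caixa",
}
# Full Brazilian mobile number: optional 55, two-digit area code, 9 + 8 digits.
MOBILE_RE = re.compile(r"^(55)?\d{2}9\d{8}$")
# Loose URL matcher: optional scheme, dotted host name, optional path.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def triage_sms(sender: str, body: str) -> set[str]:
    """Return the warning signs found in one SMS (hypothetical labels)."""
    findings = set()
    digits = re.sub(r"\D", "", sender)  # "(11) 91234-5678" -> "11912345678"
    if MOBILE_RE.match(digits):
        # Bradesco: its SMS senders "are never complete cell phone numbers".
        findings.add("sender-is-full-mobile-number")
    elif digits not in KNOWN_SENDERS:
        findings.add("sender-not-in-known-list")
    for match in URL_RE.finditer(body):
        url = match.group(0)
        if "://" not in url:
            url = "http://" + url  # urlparse needs a scheme to find the host
        host = (urlparse(url).hostname or "").lower()
        # Febraban: do not click on links received in electronic messages.
        findings.add("contains-link")
        if host.endswith(".es"):
            # .es is Spain's domain, not used by the largest Brazilian banks.
            findings.add("link-under-.es")
    return findings

if __name__ == "__main__":
    # Constructed sample messages; the domain is a placeholder, not a real IoC.
    samples = [
        ("(11) 91234-5678", "Comunicado-BB: Existem erros em seu acesso. "
                            "Regularize: bb-atualizacao.example.es/login"),
        ("30330", "Bradesco: compra aprovada no cartao final 1234."),
    ]
    for sender, body in samples:
        print(sender, sorted(triage_sms(sender, body)))
```

A listed sender with no link produces no findings, but that alone does not make a message genuine; confirming in the bank's official application remains the reliable check.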