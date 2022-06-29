Attempts of “Pix scams” increased by 350% between April and May of this year, compared to February and March. The information is from the cybersecurity company PSafe, which released a report claiming to have blocked more than 424,000 scam threats in the period. Among the approaches most used by criminals is phishing, a type of scam in which victims are directed to fake websites that ask for sensitive data in exchange for a false benefit. Although not very elaborate, this tactic has high dissemination and personalization power.

How to protect yourself on Pix? See 5 tips and what to avoid

Many scammers also use social engineering techniques to trick victims into making a Pix transfer. This is the case of criminals who pose as acquaintances to borrow money from friends and family via WhatsApp. To help you avoid financial losses, the TechTudo prepared a list of seven measures to protect yourself from Pix scams. Check it out below.

1. Register the receiving account when making a Pix

Registering the account of close people in your bank app is a good way to avoid making a Pix for criminals by mistake. This is because, with the contact already registered, it is possible to identify if someone is pretending to be an acquaintance, or if the key entered is different from the one registered in the app.

The way to save a receiving account may change from bank to bank. So search, in the Pix tab of your financial institution’s application, for options such as: “add to my Pix contacts” or “save contact” and tap the button in question to continue with the process.

2. Choose random key when receiving Pix from strangers

It is common to choose data such as email, CPF and mobile number to be the Pix key. Despite facilitating transactions and identification of the recipient, this practice can pose a danger if personal data falls into the hands of malicious parties. To preserve your privacy and security, it is recommended to opt for random key when receiving Pix transfers from strangers.

To do this, open your bank’s application, go to the Pix area, select the “random key” option and wait for the service to generate the code. Then share the information with the person who will transfer it for you. Prefer to share the CPF or other key with personal data only with acquaintances.

3. Check the key holder’s data before carrying out the transfer

It is customary for criminals to impersonate friends or family to ask for money due to an alleged emergency, providing a Pix key registered in the name of an unknown person. In an attempt to deceive the victim, some even make up an excuse for the key to be in someone else’s name.

Therefore, carefully check the key holder’s data before making the transfer. The information is displayed on the screen before the user enters the password to confirm the transaction. If any information does not match the data of the known recipient, be suspicious. Informing a key registered on behalf of a third party is one of the strongest indications of a scam.

4. Do not make emergency payments before confirming the recipient’s identity

In addition to scams spread via WhatsApp, in which criminals impersonate acquaintances to borrow money from friends and family, there are scams in which scammers hack the profile of trusted people and advertise used furniture or electronics at a lower cost than usual. . In such cases, fraudsters often claim that other people are interested in the product and ask the victim to make part of the payment – ​​as a down payment – ​​urgently to reserve the item.

The tip, then, is always to confirm the identity of the person who asked you for the favor or offered you something before making the transfer via Pix. You can, for example, make a call to confirm that you are indeed talking to the acquaintance or contact him through another social network.

5. Be careful with links shared via WhatsApp and social networks

Links shared via WhatsApp and social networks need extra attention. That’s because phishing attacks are usually spread by messenger, Facebook or Instagram. Criminals promise Pix withdrawals, free benefits and even products with prices far below the average to “hook” the user’s attention and make him access the fraudulent website. The pages contain forms that ask for sensitive information such as bank details, cell phone numbers and even document numbers.

It is also worth noting that, in some cases, the sites imitate the e-commerce layout of well-known retailers. Therefore, it is necessary to pay attention to other details, such as grammatical errors and duplicate letters in the URL (ameriicanas.com.br instead of americanas.com.br, for example), domains with an unusual ending (.biz, .net or . info) and absence of HTTPS certificate. You can also use Psafe’s link checker (https://www.psafe.com/dfndr-lab/pt-br/), which tells you if a given URL is really safe.

6. Adjust the Pix transfer limit in your bank app

It is possible to change the daily movement limit via Pix in banking applications available for Android and iPhone (iOS) phones. Each app has a specific way to make the adjustment, but in general, just go to the Pix area and look for an option like “My Pix Limits”. Once you find the feature, follow the onscreen instructions to set a lower daily limit.

Thus, if the smartphone falls into the hands of third parties, for example, criminals will find it difficult to carry out movements greater than the limit value. The victim, in turn, gains more time to notify the bank about what happened and block other operations.

7. Watch out for fake QR Codes

Criminals take advantage of the payment feature via Pix by QR Code to attract more victims. The attacks consist of directing the user to a fraudulent page by scanning the QR code. In this case, the tip is to learn to differentiate fake codes from legitimate ones. First, when scanning the real QR Code through the bank’s application, the purchase amount and CPF or CNPJ of the transfer recipient are displayed on the screen. In addition, legitimate QR codes do not direct the user to another website, nor do they ask to download files.

With information from PSafe

