Brazil: A Paradise for Cybercriminals
Although Brazil can claim to be the largest country in South America, to have the world’s largest rainforests and to be the main home of the world’s greatest snakes (see Brazil’s Snake Island), it is now on its way to becoming the world leader in internet fraud.
As Kaspersky Lab researcher Juan Andres Guerrero says, Brazil is almost at the top when it comes to global fraud. One of the fraud techniques involves a barcode system that is used only in the Brazilian payment systems.
As Juan Andres Guerrero points out, someone who wants to pay in Brazil can pay by means of a barcode printed on a piece of paper.
What is Boleto?
The Boleto Bancário, or simply boleto (ticket), is a payment system that provides electronic payment between banks and the market, organized by the Brazilian Federation of Banks (FEBRABAN) and the SPB (Brazilian Payment System).
In effect, a boleto lets the buyer pay the vendor, much like a kind of receipt. Most importantly, any person or firm with a bank account can produce its own boleto, online or offline, so that payments can be made to it.
Below is an example of a boleto.
For instance, when you receive a bill, the company gives you a boleto barcode number on the invoice, and you enter that barcode number when paying the bill through internet banking.
In recent times, boletos have begun to be used by many fraudsters.
The most common type of attack is the fake boleto. Using social engineering techniques, fraudsters send the victim a mysterious message (usually by mail) that looks like an electricity, water or telephone bill and carries a fake boleto number they produced, and the victim pays it. The fact that counterfeit boletos are very similar to real ones makes it easier to get results. So when you think you are paying the electricity bill, you are paying the money into the fraudulent bank account.
Another method is Boleto Malware, which is detected by many security firms. This threat seems to be a kind of man-in-the-browser attack. The Boleto Malware on the user’s computer modifies the boleto barcode number in online payments, so that the money is deposited into the fraudster’s account.
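A defender-side check for the number swap described above, as an added example that is not part of the original article. It assumes the 47-digit typeable-line layout with mod 10 / mod 11 check digits used for FEBRABAN bank boletos (the article does not describe the format), assumes the checking side knows the line the biller issued, and uses sample numbers that are not real bills. It shows that a swapped line can still pass every check digit, so only comparison against the issued line exposes it.

```python
import re

def mod10(digits: str) -> int:
    """Check digit of each of the first three fields (weights 2,1,2,... from the right)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        prod = int(ch) * (2 if i % 2 == 0 else 1)
        total += prod // 10 + prod % 10   # two-digit products contribute their digit sum
    return (10 - total % 10) % 10

def mod11(digits: str) -> int:
    """General check digit over the 43 barcode digits (weights 2..9 cycling from the right)."""
    total = sum(int(ch) * (2 + i % 8) for i, ch in enumerate(reversed(digits)))
    dv = 11 - total % 11
    return 1 if dv in (10, 11) else dv

def parse_boleto(line: str) -> dict:
    """Split a 47-digit typeable line into its parts and verify all four check digits."""
    d = re.sub(r"\D", "", line)
    if len(d) != 47:
        raise ValueError("expected 47 digits, got %d" % len(d))
    f1, f2, f3, dv, tail = d[0:10], d[10:21], d[21:32], d[32], d[33:47]
    free = f1[4:9] + f2[:10] + f3[:10]   # 25-digit field identifying the beneficiary
    checks_ok = (all(mod10(f[:-1]) == int(f[-1]) for f in (f1, f2, f3))
                 and mod11(d[0:4] + tail + free) == int(dv))
    return {"bank": d[0:3], "free": free, "amount_cents": int(tail[4:]), "checks_ok": checks_ok}

def compare(issued: str, submitted: str) -> list:
    """Return findings when the line sent for payment differs from the one the biller issued."""
    a, b = parse_boleto(issued), parse_boleto(submitted)
    findings = []
    if not b["checks_ok"]:
        findings.append("submitted line fails its check digits")
    if a["bank"] != b["bank"]:
        findings.append("bank code changed: %s -> %s" % (a["bank"], b["bank"]))
    if a["free"] != b["free"]:
        findings.append("beneficiary field changed")
    if a["amount_cents"] != b["amount_cents"]:
        findings.append("amount changed")
    return findings

# Sample values for illustration, not real bills; bank code 999 is a made-up placeholder.
ISSUED = "00190.50095 40144.816069 06809.350314 3 37370000000100"
TAMPERED = "99990.50090 40144.816069 06809.350314 1 37370000000100"

if __name__ == "__main__":
    print(parse_boleto(TAMPERED)["checks_ok"])  # check digits alone do not expose the swap
    print(compare(ISSUED, TAMPERED))
```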
Boleto by Numbers
According to an RSA report:
1. 30 different banks operating in Brazil are affected by this method.
2. The loss is estimated at $3.75 billion.
3. The number of 495,753 fake boletos RSAs produced is only 8.095 units
4. It is believed that 83.506 items of personally identifiable information were stolen by Boleto Malware.