The Febraban (Brazilian Federation of Banks) sent a statement this Wednesday (21) warning that Pix, the Bank's instant payment system Central, has become a bait for scams that steal data such as CPF and bank password. The entity asks you to registration of keys directly on the official channels of the bank or fintech, avoiding opening links received by email, SMS or WhatsApp.
- How register your Pix securely in the bank and apps
- 25 questions and answers about Pix
Pix ( Image: Disclosure/Central Bank)
Financial institutions are in a dispute to get your Pix key: you can associate your CPF, mobile number and email address to an account specific to receive money when transfers are released from November. Nubank, Mercado Pago and PagSeguro lead the registrations; Banco do Brasil and Santander offer prizes of up to R$ 1 million.
“Scammers send fake links that, when accessed, direct the user to fake banking pages or even lead to the installation of a malicious file that steals personal and bank data”, says Febraban. It is the famous phishing attack.
Therefore, customers should not click on links received by email, WhatsApp, social networks or SMS messages that promise to direct the user to the Pix key registry. The safest way is to access the bank's app or website directly.
Pix keys are the target of phishing scams
Phishing email promises to register Pix keys (Image: Reproduction/Kaspersky)
For example, Kaspersky identified an email using the name of the Cashier that had a link to register Pix keys. In fact, this led to a fake website of the financial institution, which tried to steal the bank password, cell phone number and CPF.
In addition, dozens of deceptive domains were registered to, in the future, be used in blows. This includes addresses such as chavepix[.]me, managerpix[.]com,paypix[.]com, pixbrasil[.]tech, pixempresas[.]com and suportepix[.]online.
Febraban also mentions a less common scam in which the criminal calls the victim: he pretends to be a bank employee and offers to register Pix keys, asking for personal and financial data such as passwords and card numbers.
“The customer personal data are never actively requested by financial institutions, much less can be misused for Pix registration without their consent”, says Isaac Sidney, president of Febraban, in a statement. “When in doubt, always look for the manager, an agency or the institution's official call center.”
Financial institutions have recorded an 80% increase in phishing attempts during the pandemic. According to Adriano Volpini, from Febraban, 70% of frauds are associated with social engineering.