This post is provided by Sicredi, World Council's direct member association in Brazil.
Every day there are new types of scams and fraud on the internet. With the current pandemic scenario, we have seen a large number of people migrating their financial lives to the digital environment and, with that, there has been a major increase in the activity of cyber criminals. To help members protect their accounts, here are some tips we've prepared to make them more secure.
Scam by WhatsApp
In this scam, the victim's WhatsApp is cloned by scammers, who pretend to be customer service representatives from popular shopping websites. They then steal account information stored in the app or use the victim's WhatsApp photo to impersonate them, send messages through the app and borrow money from the victim's most frequent contacts.
How to avoid:
- To prevent your WhatsApp from being cloned , enable 2-step verification.
- iOS: In WhatsApp, go to Settings > Account > Two-Step Confirmation > Activate.
- Android: On WhatsApp, go to Menu > Settings > Account > Two-step confirmation > Activate.
- To prevent your photo from being misused, display it only to your trusted contacts.
- iOS: On WhatsApp, go to Settings > Account > Privacy > Profile Photo > My Contacts.
- Android: on WhatsApp, go to Menu > Settings > Account > Privacy > Profile picture > My Contacts.
- To end active sessions when using WhatsApp Web/Desktop, set up the following configuration.
- iOS: In WhatsApp, go to Settings > WhatsApp Web/Computer > Disconnect from all devices.
- Android: on WhatsApp, go to Menu > WhatsApp Web > Exit all sessions.
If you receive any requests to make a transaction, do not do so before confirming the legitimacy of the transfer or payment request by calling the person and asking personal questions. Even if the contact's photo is of someone you know, confirm before making the transaction.
Scammers contact members, pretending to be employees of their credit union or other financial institution in order to obtain confidential information. Although this scam has numerous variations, they sometimes even mention that they work in the security area and need to confirm alleged transactions the member has carried out. The intent of scammers is to collect personal information and account details for misuse.
How to avoid:
- Never provide password or personal data to third parties, especially over the phone.
- Remember: your financial institution will not call you requesting a security module update or a registration update.
- In our contacts, we will never ask for a password, token code or device activation code. This information is exclusively for you to carry out your operations on our channels. Never pass on this information or type it on sites other than official channels.
In this category, the scammer's intention is to steal passwords, personal information or account data, such as codes, card numbers, expiration dates and security codes.
The most common types are:
- Account lockout scam
The scammer sends a fake e-mail or text message about an account being blocked in the name of the financial institution, informing the member about possible irregularities in their registration, which could lead to the total blocking of the account. The victim is directed to a fake form or page that captures their data.
- Security update
The scammer sends an email or text message with a link in the name of the financial institution, informing the member there is a required update or synchronization of their code, and asks for passwords and personal information. The victim is directed to a fake form or page that captures their data.
How to avoid:
- Disregard messages from financial institutions you have no relationship with, especially when they ask for your personal data and passwords.
- Beware of text messages. Do not click on links with suspicious promotions and do not provide personal data or passwords.
- Stay alert with messages received via WhatsApp or Telegram. They can also be harmful and bring similar content to those sent via email or text.
- In times of pandemic, care must be taken when participating in group activities broadcast on social media networks, even if they are received from people you know. Do not click on unknown links. The content and forms where you leave your data can be dangerous.
Scams on fake websites
Scammers create a fake page, almost identical to a real online store, advertising products with value far below the market price to attract shoppers. Victims buy items and pay by transfers or bank slips, whose amounts are credited to the scammers' account, or they enter the data on the credit or debit card that is used for fraudulent purchases.
How to avoid:
- Do market research comparing prices. Be wary if the value is too low.
- Locate the browser lock: a secure website features a padlock design next to the URL (website address). By clicking on the icon, the security certificate should be displayed.
- Do not click on links that lead readily to shopping sites. Type the website address into the browser. Links can lead to fake websites or websites that contain malware (viruses capable of copying sensitive data).
- When intending to purchase a vehicle through a virtual auction, check the possibility of going to the company's yard and analyzing it in person. Logically, every virtual auction company should have a yard where vehicles are stored.
Fake courier coup
If you receive a call saying that there are suspicious transactions on your card and that a courier will be sent to collect it, do not pass on any information (especially your password) and hang up immediately. Remember that no financial institution has this practice.
How to avoid:
- Never give your card to another person. No financial institution collects cards.
- Always cut the chip from the card when disposing of it.
- Never enter your password on links received via text message or WhatsApp.
- If you receive this type of contact, hang up and inform your cooperative.