Tidings As hackers try fishing FGTS beneficiaries information

Published 20 February 2017

Before the official calendar of the Federal Savings Bank to be disclosed, a Facebook page already announced a false schedule.

The timing of the withdrawals of inactive accounts of the Service Time Guarantee Fund (FGTS) was released by the Federal Savings Bank on Tuesday (14), but before the date already circulating on social networks a false schedule in order to catch unwary . If even part of the Clinton team, which in theory should understand the basics of digital security, phishing fell during the American elections, it is expected that hackers easily get information from lay users on the Internet.
O golpe acontece em duas etapas. A primeira consiste na obtenção de dados dos usuários, que pode ser feita de duas maneiras básicas: a partir do roubo de dados como PIS e Pasep (por algum tipo de vazamento) ou convencendo o internauta a clicar em e-mails ou sites falsos (o clássico phishing). O segundo passo é convencer a vítima a pagar o procurador (no caso, o hacker que se passa por procurador) para que ele possa passar o extrato do FGTS ou até fantasie a operação inteira.

Cybercrime is common in times of great economic mobilization (whether for Christmas shopping or Black Friday). "It's the equivalent of the traditional saidinha bank. Burglars know when the population goes to the box draw the salary. Today is the saucy FGTS, "said Rodrigo Fragola, president of Aker Security Solutions and vice president of the Association of Business IT Brasileiras (Afespo). He also warns of the danger of false news, which largely bring along a digital threat.

E-mail with fake signature of the Federal Savings Bank (Photo: Playback)

Another evil consequence of false box email is that, by downloading the schedule, automatically interested installs a virus on your device that could allow the theft of personal data such as banking passwords and accounts on social networks.

Information concerning the inactive fund accounts are all free intansferíveis in CEF site. The same goes for banking procedures: financial institutions always redirect links from e-mails to the official websites of their brands. A Facebook page was created to announce the schedule, but it had nothing to do with the official account of the case: does the institution's logo and is not verified (a feature that Facebook uses to contribute to the dissemination of truthful information).

fake page on Facebook publishes calendar before released by Caixa (Photo: Playback)

Os sites falsos costumam ter templates idênticos aos oficiais, o que dificulta o discernimento dos usuários. “Muitas vezes, é uma página clonada e o DNS foi interceptado”, lembra Fernando Neves, diretor da empresa de segurança RPost. Nesse caso, é sempre importante averiguar o endereço eletrônico (principalmente quando se tratar de passar informações pessoais) e evitar o uso de computadores de terceiros.

A hotel computer, for example, can leave saved your registry PIS in Box site. "The incidence [the coup] FGTS has been very great. All are predisposed to get the money, then banks are reporting many false tickets and summonses, "says Neves. According to him, about 60% of the victims fall by search engines, not by email. You search on Google "inactive accounts FGTS" and, if not pay attention, falls into a fake site. "The maximum is always suspicious," says the expert.

Source: Time