With the increase in online sales, scammers convince victims with fake deliveries and demanding a photo for confirmation. As a result, the leaked personal data is used to obtain financing worth thousands of reais.
This is what happened to a consumer via WhatsApp message from a pseudo-florist, informing her that she had received flowers in her name and that the delivery should be made in person. After collecting the merchandise, the package contained only 2 creams, requiring the customer to take a confirmation photo to verify that the “product” had been lost and/or exchanged.
After sending the image, the victim's bank contacted them confirming the credit of R$$90 thousand in vehicle financing.
This scam's main pillar is biometric identification together with previously separated personal data. This scam requires the image to be current because biometric identification, currently a trend in the country, seeks to authenticate identities.
Banks, aware of the imminent risk, send a link to the customer where their personal image and identification will be captured. However, to circumvent the system, the fake delivery person, already logged into the bank's app, covers the cell phone screen to trick the victim, who then requests financing.
Furthermore, these means of cyber theft have already been detected by the same scammers who used them on the aforementioned consumer, making victims in Volta Redonda, Rio de Janeiro, cities in Santa Catarina and Paraná, as well as São Paulo.
Such facts corroborate the role of financial institutions in increasing their efforts in privacy compliance programs, beyond the creation of policies, but also by exercising prevention through training and constant monitoring of the information security program and awareness of their employees.
By: Leonardo Neri, Fernanda Lobato and Fabiana Porta