{"id":3641,"date":"2014-07-09T10:29:04","date_gmt":"2014-07-09T14:29:04","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=3641"},"modified":"2020-02-26T18:58:50","modified_gmt":"2020-02-26T14:58:50","slug":"boletos_what_can_we_learn","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/boletos_what_can_we_learn\/3641\/","title":{"rendered":"What Can We Learn From the Billion Dollar Brazilian Boleto Scam?"},"content":{"rendered":"

If you\u2019re a regular reader with a remarkable capacity to recall unique words (or just a resident of Brazil), then you might recognize the term \u201cBoleto.\u201d We first became aware of a scam involving Boletos<\/a> \u2013a popular payment method in Brazil \u2013 back in February at Kaspersky Lab\u2019s annual Security Analysts Summit. Now the term is back in the news following RSA\u2019s publication<\/a> of a research paper suggesting that Boleto-related fraud cost South America\u2019s most populous country $3.75 billion in 2012.<\/p>\n

\"boleto\"<\/a><\/p>\n

Boletos are special invoice documents issued by banks and businesses that are used not only to pay bills but also more broadly to pay for goods and services. With a little hacking and a lot of social engineering, Brazilian cybercriminals have been making serviceable counterfeit Boletos, which they can print and use to transfer money out of out of bank accounts that belong to the people whose Boletos the criminals are mimicking.<\/p>\n

That $3.75 billion dollar is hotly contested. According to our friends at Threatpost.com<\/a>, the Brazilian banking association FEBRABAN estimates that Boleto-related fraud accounts for just $700 million. In private conversations, I have been told the number may sit near $1.1 billion. Whichever is correct, Boletos are costing Brazil a lot of money, as Kaspersky Lab security experts Fabio Assolini and Santiago Pontiroli noted at SAS earlier this year<\/a>.<\/p>\n

\u201cBrazil may be proud of not only its football team, but its developed economy and modern banking ecosystem as well. Unfortunately, the country has a developed cyber-underground as well.\u201d<\/div>\n

Another of Kaspersky\u2019s global research and analysis team members, Dimitry Bestuzhev, explained to the Kaspersky Daily that as Brazil has developed into the economic powerhouse of South America, so has that country\u2019s cybercriminal underground.<\/p>\n

\u201cBrazil may be proud of not only its football team, but its developed economy and modern banking ecosystem as well,\u201d Bestuzhev said in an interview that coincided with the playing of the World Cup<\/a> in the country. \u201cUnfortunately, the country has a developed cyber-underground as well.\u201d<\/p>\n

Bestuzhev went on to explain that there are large numbers of criminals that deploys so called \u2018bankers\u2019 in Brazil. \u2018Bankers\u2019 is just his term for banking trojans<\/a> or malware designed with malicious code that steals financial data from victims in or near Brazil.<\/p>\n

\u201cThe Brazil-specific twist is a popular, alternative payment system, called a \u2018Boleto,'\u201d he explained. \u201cBoletos are very popular, because anyone paying with Boleto typically receives an additional discount.\u201d<\/p>\n

Bestuzhev noted that these scams aren\u2019t new \u2013 citing Assolini and Pontirolli\u2019s SAS briefing \u2013 and also contested RSA\u2019s figures, saying their loss estimation is \u201cway overblown.\u201d<\/p>\n

The trick is not a complicated one, Bestuzhev explained. While a user is printing their Boleto, a Trojan on the victim\u2019s computer modifies that Boleto\u2019s barcode. The printed Boleto is then useless. The criminal then uses the legit Boleto-barcode in order to transfer money into his or her own account.<\/p>\n

\u201cOrdinary users must utilize a strong antimalware protection system to prevent their machines from being infected,\u201d Bestuzhev said. \u201cHowever, more efficient technologies, like Kaspersky Safe Money<\/a>, can prevent theft even when a machine is infected.\u201d<\/p>\n

In other words, stay smart; follow the security advice you read here and elsewhere. All you really need to do to protect yourself from these Boleto scams is run a solid antivirus product<\/a>.<\/p>\n

Assolini will be presenting new information about Boleto scams at the upcoming Virus Bulletin Conference in Seattle in September<\/a>. A corresponding blog-post will be published on Securelist (which just got a slick redesign!).<\/p>\n

\n

Nossa tecnologia Safe Money protege contra trojans BHO e extens\u00f5es maliciosas que alteram boletos banc\u00e1rios pic.twitter.com\/a26dVMbk72<\/a><\/p>\n

\u2014 Fabio Assolini (@assolini) July 2, 2014<\/a><\/p><\/blockquote>\n