“The rapid growth in the adoption of payment apps is one of the reasons why this type of attack has grown. Although not all countries in Latin America have a high adoption of these systems. All trends sooner or later expand and access to fake apps is very easy,” said Cuazzo.
The executive’s investigation has identified that these types of apps are sold through Telegram groups, since what is sold is the APK of the application, since it is impossible for cybercriminals to upload it to any of the official Google or Apple stores, since the security filters would eliminate them.
“We have identified apps from neobanks, payment wallets and banks that simulate the interface of authentic applications. What they do is offer packages where you can have a certain number of screenshots with fake transfers or even SMS that simulate being from banks warning that a transaction is delayed or is about to happen,” Cuazzo said.
Read also: Condusef warns about card skimming at ATMs: this is how they could empty your account
Condusef warns about phantom transfers
Although he pointed out that in countries like Peru or Argentina they have had a strong impact on businesses, Mexico is not exempt from having this type of fraud and in fact the Condusef has identified the use of this type of fraud but towards consumers.
The way they operate in the country is that criminals publish advertisements in print or electronic media supposedly from well-known companies, in which they offer vehicles, works of art or other types of items for sale at very attractive prices.
Once people contact the criminals to obtain more information or to purchase the goods on offer, they are told that they must send a SPEI (electronic transfer) as soon as possible to a CLABE “X” account and in the name of the well-known company that appears in the advertisement.
However, after making the payment and going to the store, they realize that it was a forgery from a well-known company and the transfer they made is lost.
For this reason, Cuozzo recommends that companies apply anti-social engineering techniques, that is, that they verify that the transfer has been made directly in their banking applications and, if possible, that they try to control their electronic payments with their own terminals, to avoid the use of transfers as a payment method.
In the case of the recommendations made by Condusef to avoid phantom transfers to the consumer, it is suggested that if you are going to buy items that are sold in various media, first ask the company or business directly if they are in fact the ones making the sale.
In addition, users can ask the company in question whether payment can be made directly at their home, eliminating the SPEI and, if possible, the user must obtain a document that supports the purchase-sale operation of the items of interest, before making the payment, where it can be verified that the company exists.
Add Comment