New, Live, Interactive Phishing Attacks Emerge in Brazil

Brazil is fighting an uphill battle when it comes to cybercrime. There’s a new fraud attempt every 16.9 seconds in Brazil, Convergência Digital reported. According to Brasil Econômico, there are about 4,700 attempts per day. No wonder internet fraud has been named the “fraud champion” of Brazil.

IBM X-Force continues to discover evolving cybercrime threats and new tactics in the country. X-Force researchers uncovered and analyzed a new phishing method that recently emerged in Brazil. This particular method is designed to emulate a banking Trojan by extracting critical data from its victims in real time via a live, interactive phishing attack.

This type of phishing scheme takes place over a web session between the attacker and the victim. It is able to mimic a target website’s look and feel, more so than just an idle phishing page. From afar and behind the scenes, cybercriminals impersonate the victim’s bank and ask for all kinds of account details.

Most likely, the criminal will access the compromised account from the bank’s website to make a transaction in real time, all the while milking more authentication details from the unsuspecting victim. The emergence of this new method’s will likely contribute to rises in fraud in Brazil over the coming months.

Brazil is already the second-largest generator of cybercrime in the world, according to Computerworld, and the country most affected by fraud in Latin America, per Globo. For some perspective, one of cybercrime’s most targeted countries in the world, the U.K., saw a 25 percent increase in online fraud in 2015, as reported by The Guardian. Brazil saw a 40 percent rise in online banking fraud, according to El País, during the same year.

This unique phishing post was part of my work with IBM X-Force. Read the complete post here.