Phantom purchase scam takes your card balance; see how to identify and avoid

Error messages when trying to pay with a credit or debit card are common, often signaling technical problems that are harmless to the consumer. However, a new scam has been simulating errors in card machines to duplicate transactions and, without the merchant or customer noticing, carry out a second charge to the customer, of the same amount, but directed to the scammer’s account.

Analysis by cybersecurity company Kaspersky indicated that the scheme has been applied by the Prilex group, which specializes in credit and debit card fraud. Scammers contact establishments through telegrams or phone calls, pretending to be employees of the bank or the card machine company, and requesting the download of a certain file for an alleged system update.

If in the phantom hand scam fraud occurred after the user was induced to download applications, in the phantom purchase scam it is the commercial establishment that needs to be careful not to allow the invasion.

Abecs (Brazilian Association of Credit Card and Services Companies) says that Prilex is already known and fought in payment systems and is not able to compromise the security of the chip. According to the entity, this type of event was identified in only one type of system, not in a generalized way, which generated rapid mobilization on the part of companies to create and implement defense mechanisms capable of neutralizing its action.

This file is a legitimate tool that allows you to access your computer remotely, so it is not identified as a threat by security programs. However, it allows scammers to verify various information, including the volume of card transactions.

“If there are few payments, they stop the attack there. However, if the volume is large, from this moment on, they install Prilex on that computer, where the payment software is”, explains Fabio Assolini, director of the global research and Kaspersky analysis in Latin America.

Criminals adjust the installation so that Prilex is not detected by antivirus software, often removing security software. Once installed, it affects payments on machines connected to the system. The first purchase attempt appears to result in an error: “You will insert your card, enter your password or pin, but then a problem will occur. The transaction will not be approved, and this will force you to repeat the operation”, says Assolini.

But the first attempt, although imperceptible to the establishment and the customer, happened: Prilex captured the card data, its password and the authentication key for the operation, and diverted the amount to another machine. The error is simulated so that the customer repeats the payment and the establishment receives the amount due, without suspecting fraud. The record of the crime only appears on the card statement, which contains two purchases of the same value: one of them, carried out without the customer noticing, is called a phantom transaction.

Card association recommends caution to shopkeepers

Abecs recommends that shopkeepers pay attention to any phone calls from fake technicians who want to carry out a supposed system update on the card machine. “It is important to confirm the professional’s identity whenever you receive a contact from the accrediting company.”

The association states that the electronic payment industry in Brazil is one of the safest in the world.

Consumers must check card bills and trigger purchase notices

For consumers, Abecs always recommends checking the card bill, registering to receive messages whenever the card is used and, in case of unrecognized transactions, contacting the card’s service center immediately.

Assolini points out that there is little the user can do to guard against the blow. “When making a payment, you don’t know if that particular system is infected or not. The only thing you can do is keep an eye on your credit card statement. If an unrecognized transaction is detected, it is always recommended that you enter quickly contact your bank or card issuer reporting the fraudulent transaction,” he explains.

Kaspersky also says it has identified Prilex offers for other groups to operationalize the attacks. It is currently investigating an alleged offer of US$ 13,000 (R$ 67,700) for the malware.

In a statement, the São Paulo Civil Police press office said that the state has the Cyber ​​Crimes Division of the State Department of Criminal Investigations, created to combat property crimes committed by electronic means, and emphasizes the importance of recording incidents. in person or through the Electronic Police Station. It also declares the existence of a booklet with recommendations and guidelines, available at this link.

Prilex started hacking ATMs in 2016

The group started the attacks during the 2016 Carnival: “They managed to install a virus in more than a thousand ATMs, and program these ATMs to spit out all the money in a synchronized attack in several cities in Brazil”, reports Assolini. In this same attack, data from 28,000 credit cards inserted into the cashiers were captured.

That same year, they began to focus on means of payment, evolving to their current form. “Prilex has been changing its tactics since the beginning, precisely to be able to continue committing these frauds”, he says.