Cybercrime ring uncovered in Brazil (Update)

Jul 03, 2014 by Stan Lehman

A massive cybercrime ring in Brazil may have stolen billions of dollars from a widely used online payment system, a technology security company said.

The RSA Security division of EMC Corp. said in a research report released on Wednesday that a "malware-based fraud ring" had infiltrated the online payment method known as the boleto, diverting payments to accounts held by members of the ring.

Boletos are used in a wide range of transactions, such as telephone, school tuition, mortgage and credit card payments.

The report said the scheme may have compromised close to 500,000 transactions with an estimated value of $3.75 billion over a two-year period. However, researchers were unable to determine how many of those boletos were paid by victims or whether they went to fraudster-controlled bank accounts."

It said transactions of 34 banks were affected, though it did not name the banks.

The Federation of Brazilian Banks that represents Brazil's banking industry said the country's banks lost 1.4 billion reals (about $700 million) to electronic fraud in 2012.

RSA said it turned over its report to Brazil's federal police, to the Federal Bureau of Investigation and to the federation.

The federal police and the federation said they had no immediate comment.

According to the report, the boleto system is the second most popular payment method in Brazil after credit cards.

E-bit, a Brazilian e-commerce market research firm, estimates that 18 percent of all purchases made in 2012 in Brazil were transacted via boletos.

The report says the malware appears to affect only boletos generated or paid online via infected Windows-based PCs using Google Chrome, Mozilla FireFox and Microsoft Internet Explorer. It modifies the boleto information "so that payments are redirected to a fraudster's account," the reports said.

Explore further: Amazon adds subscriptions to its payment service

3 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

EMC buys identification services firm Aveksa

Jul 10, 2013

(AP)—EMC Corp., a maker of data storage equipment, said Monday that it has acquired identity verification services company Aveksa, boosting the offerings of its own security division.

Recommended for you

Does your password pass muster?

Mar 25, 2015

"Create a password" is a prompt familiar to anyone who's tried to buy a book from Amazon or register for a Google account. Equally familiar is that red / yellow / green bar that rates the new password's strength. ...

Beijing behind Internet security violation: group

Mar 25, 2015

China's cyberspace administration is "complicit" in attacks on major Internet companies including Google, an anti-censorship group said Wednesday, calling on firms worldwide to strengthen their defences.

House unveils cyber bill and signals bipartisan compromise

Mar 24, 2015

House intelligence committee leaders unveiled a bipartisan cybersecurity bill Tuesday amid signs of broad agreement on long-sought legislation that would allow private companies to share with the government details of how ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.