Brazil’s Cybercrime Free-For-All: Many Scams And Little Punishment
Brazil can boast many superlatives: the biggest country in South America, which is home to the the world’s biggest rain forest, which is home to the world’s biggest snake.
And now Brazil can claim to be a world leader in Internet fraud. It may not seem intuitive to associate Brazil with cybercrime, but the country was an early adapter of online banking and that helped create opportunities for online theft.
Most schemes have targeted other Brazilians but now they hit farther afield in places like the United States.
“As far as global fraud is concerned Brazil is almost exclusively at the top,” says Juan Andres Guerrero, a senior security researcher for Kaspersky Labs, the Internet security firm.
The list of scams coming out of Brazil would take too long to detail, but thousands of fraudulent charges from there hit three U.S. financial institutions just to name one recent event.
“They are fantastically creative,” says Guerrero. “Brazil actually takes an inordinate amount of time [to monitor] because of the amount of malware, the amount of schemes. They are constantly creating these phishing campaigns. They are incredibly elaborate.”
Creating Phony Bar Codes
The most recent one targeted a unique payment system in Brazil called the boleto, says Guerrero.
“Whenever someone needs to make a payment in Brazil, they can print a piece of paper with a bar code,” he notes.
The boleto system was invented in Brazil in an attempt to combat online bank fraud.
“What happened was these criminals caught up to that idea and they decided to design malware specifically to rewrite those bar codes, so they’ll go far as to create entirely new avenues and it’s profitable for them,” he adds.
That scheme alone netted criminals as much as $3.75 billion.
Jose Euson, who lives in the western Brazilian state of Acre, received what he thought was a legitimate boleto to pay a business creditor some $7,500.
When he called to confirm the payment, the creditor said he hadn’t received it. But Euson said he had received a receipt. That’s when he discovered the money had been stolen. The bank said it wouldn’t reimburse him and now he has hired a lawyer to pursue the matter.
According to one report, at least 75 percent of Brazilian Internet users claim to have been victims of some form of cybercrime.
A Distinct Profile
The report from the Igarape Institute says the few cybercriminals who have been caught tend to fit a profile: well-educated, upper-middle-class males from 25 to 35 years old. It’s an attractive business to be in because it pays well and you rarely get caught, says Brazilian cybersecurity specialist Lincoln Werneck.
He says Brazil passed its first cybercrime law at the end of 2012 — and it was done in a rush only after a soap opera star had private pictures hacked from her account.
The laws are completely ineffective and inefficient, Werneck says. Most cybercrimes involve only light penalties such as house arrest or a fine.
He also says federal and state cybercrime divisions are understaffed and underfunded. And he says despite the fact that Brazilians are obsessed with social media and Internet use, they aren’t educated in how to protect themselves online and so they frequently fall for scams.
Werneck says there is still no law that protects personal information in Brazil. It can be sold or given to legitimate or illegitimate businesses with no repercussions. He says he hopes a new law will be on the books in the next few years. But then he shrugs, saying that with Brazil’s Congress, you never know.