The target now is small and small business owners.

NS pix It is an instant payment tool, developed by the Central Bank. It’s along with TED, DOC, and cards for people and businesses to transfer or receive payments. It enables citizens and businesses to conduct transactions in less than 10 seconds using the mobile application.

Recently, there is a new type of Pix scam targeting micro and small entrepreneurs. With the growth in the use of the pay-as-you-go method, scammers have adapted to the new. Now criminals are opening PJ accounts in many banks with willfully misplacing big brand names and cheating remittances to deter negligent businessmen.

How was this new deception discovered?

AllowMe, a digital security company, through its platform intelligence division, has recognized that scammers are getting better when it comes to scamming Pix. These criminals target the tiny and the small business men. The scam is called “false supplier deception”.

When did this scam start gaining attention?

According to AllowMe, “false provider scams” have become more and more common in recent weeks. Small business owners are the hardest hit and the gaps per effective attempt can range from $10 to R$10,000.

How does the new scam work?

It just happens from social engineering, it depends on the person’s fault in paying the providers. PJ criminals open in digital banks with non-existent company names. These names are similar to existing company names, but they intentionally miss a letter or a number.

Once the account is opened, the scammers contact the potential victim. They pretend to be a supplier from a well-known company, inform you that the payment procedure has changed using Pix, and ask for a new transfer to confirm.

How can criminals gain access to companies’ supplier lists?

They can obtain these listings in a number of ways, through internet data leaks, from someone with a connection to the company, or by going to the company’s website and looking at the seal at the bottom of the page.

When is this scam more likely to succeed?

According to Raquel Aquino, Information Security Analyst at AllowMe, this scam is more likely to succeed when it is practiced on companies that do not have required payments.

What are the tips to not fall for such scams?

Here are some tips to avoid such headaches:

• Verify recipient data when paying boleto or making Pix;
• Do not share passwords via messages, emails or SMS;
• Do not trust unknown contacts;
• Contact the supplier on secure and commonly used numbers/emails;
• Even if the amount requested is equal to the prepaid invoice amounts, consult the person responsible for administering this contract;
• Be wary of insistence on the part of the applicant;
• Please note: PIX does not require activation parameters;
• Suppliers are never informed of change of bank details/receipt over the phone, without formalization;
• do not provide personal and commercial data;
• does not confirm sensitive data between the company and the supplier;
• Do not transact without formalization through secure channels.