Brazil: Fraudsters Redirected Nearly $4 Billion from Boleto Payments (July 7, 2014)
A Brazilian fraud ring has absconded with US$3.75 billion in two years using malware to penetrate Boleto payments from individual consumers and companies, and redirecting those payments to fraudulent accounts, according to a report by security solutions provider RSA Research Group. The Boleto, short for Boleto Bancário, is a popular payment method in Brazil, similar to a money order. Boletos can be generated online or printed and mailed to customers.
The report indicates the fraud ring has affected more than 30 banks in Brazil and infected more than 192,000 PCs. The estimated monetary loss is based on the sum of nearly a half million potentially fraudulent transactions.
RSA has turned over its research to federal authorities in the U.S. and Brazil and is urging banks that process Boleto payments to implement security countermeasures, such as network monitoring, filtering and blacklisting to block known malicious IPs. The Boleto malware fraud operation has appeared in recent years in Brazil, with the first signs near the end of 2012 or early 2013, according to the report. The RSA Research Group analyzed gathered data between March 2014 and June 2014.
See related stories:
