Security researchers have uncovered a massive cyber-fraud ring in Brazil that may have netted billions over an unknown period of operation. The fraud has to do with the "boleto," a simple form used to authorize a bank transfer — for anything from buying a TV to paying your mortgage. Boletos can be filled out on paper or online, and are used nationwide in Brazil as an alternative to credit cards. But it turns out the online forms are highly susceptible to a new kind of malware.
As described by RSA Research, this "Bolware" malware simply substitutes a different destination bank account on the form when it is being submitted online. The sender won't notice the change in a long string of numbers, and the intended recipient simply won't ever receive the money. Instead, it goes to the scammer's account — and the amount in such accounts, by RSA's estimates, exceeds $3 billion. Banks are working to blacklist fraudulent boleto accounts, but customers must also be cautious and double-check payment forms. Technical information is available in this report issued by RSA Research (PDF).
— Devin Coldewey, NBC News