Security researchers have uncovered a massive cyber-fraud ring in Brazil that may have netted billions over an unknown period of operation. The fraud has to do with the "boleto," a simple form used to authorize a bank transfer — for anything from buying a TV to paying your mortgage. Boletos can be filled out on paper or online, and are used nationwide in Brazil as an alternative to credit cards. But it turns out the online forms are highly susceptible to a new kind of malware.
As described by RSA Research, this "Bolware" malware simply substitutes a different destination bank account on the form when it is being submitted online. The sender won't notice the change in a long string of numbers, and the intended recipient simply won't ever receive the money. Instead, it goes to the scammer's account — and the amount in such accounts, by RSA's estimates, exceeds $3 billion. Banks are working to blacklist fraudulent boleto accounts, but customers must also be cautious and double-check payment forms. Techincal information is available in this report issued by RSA Research (PDF).
Sign up for top Technology news delivered direct to your inbox
Thieves tweaked 'off-the-shelf' malware for Target data heist, security firm says
NSA's Malware Methods Outed in Latest Leak
Porn Dethroned as Top Source of Mobile Malware
— Devin Coldewey, NBC News
First published July 2 2014, 4:01 PM
Devin Coldewey is a contributing writer at NBC News; he started his role in April of 2013. Coldewey is responsible for original reporting on a number of tech topics, such as photography, biotechnology, and Internet policy.
... Expand Bio
Coldewey joined NBCNews.com from TechCrunch, where he was an editor covering a similarly wide variety of content and industries. His personal website is coldewey.cc.