Brazilian 'Bolware' Bandits Bank Billions With Cyber Fraud

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Security researchers have uncovered a massive cyber-fraud ring in Brazil that may have netted billions over an unknown period of operation. The fraud has to do with the "boleto," a simple form used to authorize a bank transfer — for anything from buying a TV to paying your mortgage. Boletos can be filled out on paper or online, and are used nationwide in Brazil as an alternative to credit cards. But it turns out the online forms are highly susceptible to a new kind of malware.

As described by RSA Research, this "Bolware" malware simply substitutes a different destination bank account on the form when it is being submitted online. The sender won't notice the change in a long string of numbers, and the intended recipient simply won't ever receive the money. Instead, it goes to the scammer's account — and the amount in such accounts, by RSA's estimates, exceeds $3 billion. Banks are working to blacklist fraudulent boleto accounts, but customers must also be cautious and double-check payment forms. Techincal information is available in this report issued by RSA Research (PDF).

Sign up for top Technology news delivered direct to your inbox


Thieves tweaked 'off-the-shelf' malware for Target data heist, security firm says

NSA's Malware Methods Outed in Latest Leak

Porn Dethroned as Top Source of Mobile Malware


— Devin Coldewey, NBC News