Today I received a very interesting e-mail. An e-mail purportedly sent by CEF warning that my “Box ® account is still with the Security Accession pending” and directing that “for new transactions made through our Internet-Banking is membership is mandatory“. Of course I suspected it was a scam as soon as the CEF would not leave an e-mail that is sent with error Portuguese! “It”, with acute before accession, is a glaring error!
Jokes (and disability in the Portuguese language “editors”) to partner, the matter is very serious and needs to be treated as such. Internet scammers are increasingly intelligent, creating mechanisms to trick users, working increasingly social engineering to convince the victim of the veracity of the information.
If you want to read the whole post with the explanation of how to spot a fraudulent email, note only the tip below and you'll never have your bank details stolen!
No bank sends email to the customer asking him to install any program! Therefore, ignore any email of this type!
Following the golden rule above you will remain protected without the virtual thieves install malicious programs on your computer. If you want to learn in detail how to detect these fake emails then read the post.
The fake e-mail
Here below the said e-mail I received, with the subject “Dear(a) – Accession ultimately be
How to spot a fake e-mail
The first detail in this particular case is that I do not have and never had any account in CEF, but, if this is not your case, follow the details below to detect if the email is genuine or not.
Check that the sender is the same institution that is said to be. If this e-mail the sender is such a “[caixa.gov.br] <caixa@gov.br>“. There is the possibility of message being “@ Gov.br“, because this structure is not permitted.
The term “.br” is top-level domain country code and the “.gov” is generic Top Level Domain and the latter requires that a domain be defined. Messed too? Simplifying, and having their own CEF as an example, the domain is the word “box” and, therefore, an e-mail address would be something like any-thing @box.gov.br . Understood? The word box like domain precedes the generic Top Level Domain “.gov”.
After checking the sender, always check where the links are pointing email. In the case of blue links with text caixa.com.br, these are actually pointing to the address caixa.com.br, which when clicked, are automatically redirected to www.caixa.gov.br, Because the Domain “caixa.com.br” is also the official EFC.
The problem this e-mail discover-is the link button “START REGISTRATION“. This points to the fake address http://caixaacesso1.no-ip.org/previna-se /?
After all the domain class and top domain I gave up now you already recognize that the area at that address is “no-ip“. The site www.no-ip.gov is a service that allows anyone to create a web address to visit a site on any computer in the world.
The fraudsters did was create a copy of the site's Box at some of their home and computer generated fake address to point to this computer.
Neck do what I did, but just accessed the address and copied some screens for you to compare to the official site of Savings. Here are the pictures below:
Site Falso
Official Website
The main difference is there in the browser address bar, that the official website is as www.caixa.gov.br and false is as caixa-atendimento.no-ip.org. Separated two more screens, Now showing the area of Internet Bank, where the bad guys really will catch your data:
Site Falso
Official Website
Now you can see that the main difference is again on the right page address?
This post was to warn of this type of scam that is very common on the Internet and not only does the Federal Savings Bank and other Brazilian banks. It also happens with sites like IRS, Petrobras, airlines, ministry of finance and other companies that are well known by the public.
On the web site Good Tip has a page with a huge list of fake emails they have already cataloged.
I hope you enjoyed the post and never fall for this scam.
Pingback: Mail virus! Guide how to open your email. - Ocionéticos
I received a fake email from the Bank of Brazil but not own account on the same.
Olá Bruno! Always read your emails, which by the way signed up to receive them (rs). A long time I have received emails from several banks, including those who have accounts, but we know that, Banks do not send kind of emails some. Equally, RFB and other Public Body. When we're already calloused, it becomes easier to know which are false, and, it Gmail is very good, pq. there are tools to denounce, when they “pass” the sieve. A hug.
Maria Oil!
I never received a comment like yours, a person accompanying the news of my Blog for newsletters. I am very happy to be enjoying the content.
With respect to your theme, It is certíssima. Banks do not have the habit of writing emails to your customers and let alone the RFB.
Congratulations on your consciousness only open emails reliable.
Thanks again for the comment.
Abs!
Pingback: Opt for the opt-out and live happier! Clean your e-mail box
Hello, I also received an email similar, however, Bank of Brazil, time I realized it was not fraud because I have account on BB. Thanks for the post.
I received an email saying the Bank of Brazil with bank logo warning me being protested a debt with my bank saying that advance depósotos in my checking account,of eleven thousand and real setencentos,in a registry office in Brasilia,and if I want to pay the debt I emprimir prepared by an invoice sent me,for someone in the 6pagamento Ceará.Incluzive the installments have pagamentos.Já blows up in installments 5 ,6 or within seven parcelas.Como not have a current account in the bank at the time,and never asked for advance deposits,of course it should be blow.
Lauri, I've never seen an email like this as, but by your description, must all face being hit. How or bank account that you have, delete the email and ignore the next may well reach.
Hello good evening,
Today I received an e-mail similar to this, however the most curious is q actually had my correct data.
full name, CPF and can tell me if it's true? and ñ is how they got my SSN?