SÃO PAULO – A new report shows the majority of digital banking fraud now takes place on mobile devices and, according to BioCatch data, the majority of those mobile devices appear to have been stolen immediately before the fraud takes place.
Along with stolen devices, BioCatch – the global leader in digital fraud detection and financial crime prevention powered by behavioral biometric intelligence – highlights malware and social engineering scams (particularly bank impersonations) as the most prevalent types of fraud plaguing Brazil in 2024, resulting in an estimated $500 million in losses every year.
“In a ‘falsa central’ social engineering scam, fraudsters pose as bank representatives or customer service agents, calling victims from vast call centers that specialize in these types of scams and conning them into revealing sensitive personal and financial information,” BioCatch Director in LATAM Cassiano Cavalcanti said. “Scammers then launder the money they steal from victims through sprawling networks of mule accounts, making the identification and shutdown of these mules vital to combatting fraud and financial crime both in Brazil and around the world.”
BioCatch reports 20% of the Brazilian population has fallen victim to a financial fraud in the last year, while 40% have done so in their lifetimes.
Other key report findings:
Fraudsters love Pix: In 2022, more than 70% of Brazil’s total fraud losses stemmed from transactions on the instant payment platform.
Romance scams pose dangers: In São Paulo, law enforcement linked 90% of kidnappings in the city to scams initiated through dating apps.
Workers targeted: More than 80% of social engineering scams in Brazil take place within normal business hours.
Behaviour doesn’t lie: BioCatch recorded signs of distraction in 40% of fraudulent transactions and saw a burst of activity immediately before the scam took place 60% of the time.
“When a transaction is fraudulent,” BioCatch Director of Global Fraud Intelligence Tom Peacock said, “we observe a spike in activity from the accountholder’s legitimate device often followed by a new login from a device we’ve never seen before. This is social engineering in action. The scammer manipulates the victim with a fake – but very believable – story, coercing them into logging into their digital banking app and sharing information like one-time-password codes, so this bad actor can execute payments from their own device.”