Cybercriminals use fake bank receipt scam on WhatsApp to steal financial data


Cybercrime continues to evolve, adopting new tactics to deceive unsuspecting users. A recent strategy identified by cybersecurity firm ISH Tecnologia has raised concerns due to its effectiveness in using WhatsApp to spread malware and steal banking credentials. The scam begins with a message containing a supposed pending bank receipt, usually accompanied by a compressed file in “.zip” format. The message, crafted persuasively, urges the recipient to open the attachment. However, upon doing so, the user inadvertently installs malware that infiltrates the operating system, silently collecting financial data.

The method employed by cybercriminals relies on executing a malicious script directly in the device’s memory, bypassing conventional antivirus defenses. This makes the threat hard to detect and lets the attack proceed unnoticed. The malware’s primary objective is to steal banking credentials by accessing sensitive information stored on the phone or computer.

The widespread use of WhatsApp in Brazil makes this type of scam particularly dangerous. With over 147 million users in the country, the app has become one of the primary communication channels and, consequently, a preferred target for cybercriminals. The speed of message exchanges and users’ trust in frequent contacts make this scam even more effective, as victims are more likely to download attachments without suspecting malicious intent.

How the fake bank receipt scam on WhatsApp works

Cybercriminals use various methods to deceive users and convince them to open the infected file. The scam follows a well-defined structure:

  • Initial contact: The victim receives a message about a supposed bank transaction, mentioning an accidental transfer, a pending deposit, or a bill that needs confirmation.
  • Malicious file: The attached bank receipt is sent as a compressed “.zip” file containing hidden malware.
  • Malware execution: Upon opening the file, the operating system runs a malicious script, compromising the device’s security.
  • Credential theft: The malware begins monitoring banking activities, capturing passwords, authentication tokens, and financial data.
  • Bank fraud: With stolen credentials, cybercriminals perform fraudulent transactions, directly draining victims’ accounts.

This attack method has proven highly effective, primarily because it uses native Windows tools to execute malicious code. As a result, the attack occurs directly in the system’s memory, making it difficult for traditional antivirus programs to detect and neutralize the threat.
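For defenders, the “.zip” attachment described above can be triaged without extracting or opening anything, by reading only the archive's directory and flagging entries that Windows would run rather than display. The sketch below is an added example, not code from ISH Tecnologia or this article; the extension lists, the function names `triage_zip` and `build_sample`, and the sample file names are assumptions chosen for illustration, since the article does not name the file type used.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions Windows executes or hands to a script host on open.
# The article does not name the file type used in this campaign.
RISKY_EXT = {".lnk", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".bat",
             ".cmd", ".ps1", ".exe", ".scr", ".msi", ".url"}
DOCUMENT_EXT = {".pdf", ".jpg", ".jpeg", ".png", ".doc", ".docx", ".txt"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".iso", ".img"}


def triage_zip(data: bytes) -> list:
    """Return (entry name, reason) findings by reading only the ZIP directory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise separators; Windows ignores trailing dots and spaces.
            name = info.filename.replace("\\", "/").rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            last = suffixes[-1] if suffixes else ""
            if last in RISKY_EXT:
                findings.append((info.filename, f"executable or script type {last}"))
                if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXT:
                    findings.append((info.filename, "document name hides real extension"))
            elif last in ARCHIVE_EXT:
                findings.append((info.filename, "nested archive or disk image"))
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags = encrypted
                findings.append((info.filename, "encrypted entry, content cannot be scanned"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless text stored under receipt-style names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("comprovante_0001.pdf", "placeholder")
        zf.writestr("comprovante_0002.pdf.lnk", "placeholder")
        zf.writestr("docs/leia-me.txt", "placeholder")
        zf.writestr("extra/anexo.zip", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in triage_zip(build_sample()):
        print(f"{entry}: {reason}")
```

An empty result only means no entry matched these name-based rules; it says nothing about the content of the files themselves.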

Financial impact and risks for individuals and businesses

Cyber scams have caused millions in financial losses in Brazil, affecting both individuals and businesses. According to cybersecurity reports, financial fraud involving stolen banking credentials has increased by more than 40% in recent years. The use of apps like WhatsApp and Telegram to distribute malware has become one of the primary strategies for criminals.

Mid-sized and large companies are also targets of these scams. Employees receiving fake messages and opening malicious attachments can compromise internal systems, facilitating data breaches and corporate financial fraud. With the increase in cyberattacks, security experts emphasize the need to reinforce digital protection for both businesses and individual users.

Tips to protect yourself from the fake bank receipt scam

ISH Tecnologia recommends several measures to minimize risks and avoid falling victim to this scam. Key preventive actions include:

  • Be skeptical of suspicious messages: Avoid opening files from unknown senders or messages requesting unexpected payments.
  • Verify the sender’s identity: Before opening any attachment, confirm with the sender whether the content is legitimate.
  • Enable two-step verification: This feature on WhatsApp increases account security and makes unauthorized access more difficult.
  • Avoid clicking on suspicious links: Many scams use shortened URLs to redirect victims to fraudulent websites.
  • Keep the operating system updated: Regular updates help fix vulnerabilities that could be exploited by criminals.

Evolution of scams on WhatsApp and cybercriminal strategies

Using WhatsApp for scams is not new, but criminals continuously refine their methods. In recent years, cyberattacks exploiting social engineering and fake messages have become more sophisticated and harder to detect. Some of the identified strategies include:

  • Fake bank support messages: Messages impersonating banks that request user verification.
  • WhatsApp account cloning: Hijacking accounts to request money from victims’ contacts.
  • Phishing through malicious links: Sending fraudulent URLs to steal passwords and personal information.
  • Installation of fake apps: Encouraging victims to download malicious applications that monitor user activity.

As digital banking services expand, so does the frequency of scams exploiting user trust. In Brazil, the number of reported cyberattacks reaches millions annually, making digital security an increasingly important concern.

What to do if you suspect a cyberattack?

If a user suspects they have fallen victim to a scam, immediate actions can minimize damage and prevent further fraud. Recommended steps include:

  • Change banking and financial app passwords immediately after noticing suspicious activity.
  • Contact the bank to report the potential fraud and request temporary account freezes if necessary.
  • Restore the device to factory settings if malware has been installed.
  • Report the incident to authorities to assist in cybercrime investigations.

Law enforcement and cybersecurity firms continuously work to identify and neutralize emerging threats. However, user awareness remains the most effective way to prevent scams and reduce financial losses caused by cyber fraud.
