The extraordinary withdrawal of up to R$1,000 from the FGTS to 42 million workers caught the attention of scammers and fraudsters who, taking advantage of security flaws, managed to steal the money made available by the federal government.
Supermarket stocker PH* and his friend IO* went to a Caixa Econômica branch in Rio de Janeiro to make the extraordinary withdrawal, when they were surprised by the news that there was nothing in their accounts.
“I faced a huge queue and it had no value. My security data was changed, such as the withdrawal digits, and even my application password,” he said.
According to PH, the agency was able to resolve the issue “in less than a minute,” and he made the withdrawal. However, his friend IO was not so lucky. “Her money had already been withdrawn and transferred to another account,” she said.
The young woman believes that her documents were used to defraud the Caixa Tem app. In May, it was stolen in the region of Pedra do Sal, a historic monument near Largo da Prainha, in Rio de Janeiro. The thieves took a bag with documents inside it.
“I think the security of this app should be much more advanced, since to operate the account there is no need to visit any branch. It is only necessary to validate the personal data in the app. Now, in addition to the fear of being robbed, we have to think if our data will be used in the future because of this theft,” he said.
security flaw
For Mathias Naganuma, an expert in cybersecurity, the Caixa Tem app cannot be considered safe. “While it has identity validation steps, there are several security flaws that leave room for fraudsters to act,” he said.
“For example, many criminals gained access to Caixa Tem using a printed photo of the victim”, added the professor at Impacta Tecnologia college.
Another problem is that the account in the application, with the money from the extraordinary FGTS withdrawal, is created automatically, even if the workers have not requested the benefit.
“Therefore, the first recommendation is to install Caixa Tem and register. With this, it is possible to identify if someone has already opened an account in your name and minimize the risks of fraud. If you cannot register because there is already another registered user , you will have to go to a Caixa Econômica Federal branch”, explained Naganuma.
I had my data leaked: what to do?
Professor Mathias Naganuma recommends that, in case of leaked data, the consumer file a police report. “Preferably, bring information that proves the misuse of documents. That way, if a crime happens, at least there is a previous record that your data was exposed,” he said.
The cybersecurity expert also asks people to be more careful with sensitive data, such as date of birth, mother’s name, address, among others.
“Although we are asked daily for the CPF number for purchases or registration, it is extremely important not to lend documents under any circumstances”, he said.
“Not only Caixa Tem faces fraud problems, but some digital banks as well, in which criminals — in possession of the victim’s document — manage to open a bank account in the name of third parties for illicit operations.”
what the box says
In a note sent to UOLCaixa Econômica Federal said that it “continuously improves the security criteria for accessing its applications and financial transactions”.
According to the institution, the best market practices are adopted in the Caixa Tem app and constant improvements are also made to avoid actions by fraudsters and scammers.
Among the security functions are: data validation, password authentication, document validation and second authentication step.
“The bank clarifies that all information on suspected fraud is considered confidential and passed on exclusively to the Federal Police, for analysis and investigation”, says the text.
If the worker has had problems with the extraordinary withdrawal of the FGTS, Caixa asks him to go to a bank branch, carrying a CPF and identification document.
“In the event of an unrecognized movement, the disputes are analyzed by a specialized team and, for valid cases, the amount is reimbursed”, completes the bank.
*Names have been withheld at the request of respondents.
