Mo' money, mo' malware. Changing demographics, plus the economic and political stabilization of the 1990s has seen the growth of the Brazilian middle class, and with it a technology boom, especially in the banking sector. However, their legal and regulatory framework has not kept pace, resulting in an environment that is especially attractive to cybercriminals, who mostly appear to originate from the younger underprivileged.
So while Brazil was one of the first countries to offer online banking services, it also needed to be ahead of the game in dealing with attacks targeting these facilities. It wasn't always successful. In 2011 the banking sector reported losses of R$1.5 billion through phishing, online theft, identity theft, online scams and credit card fraud.
Brazil is now the No.1 country for banking malware, which targets their ‘Big Four' banks and the 22 million online customers they share between them. In terms of protection, two banks offer their customers a security plug-in, while the others provide tokens, security cards or digital certificates. In practice, their effectiveness is limited, either because the cybercriminals have found out how to get round them, or because they involve customers in extra cost, which puts many of them off. Another target for fraud is social networking. Orkut is Brazil's most popular social media site and most often attacked.
As you would expect, companies in South America are evidently well aware of threats to information security, and prepared to take measures against them, more so than in other areas. A survey, which compared security practices, classed South America as ‘the new powerhouse from the South' second only to the Asia-Pacific, and often well ahead of Europe and North America.
66% of survey respondents (of which nearly half were from Brazil) reported that security spending would increase over the next 12 months. As compared with 46% of respondents from Europe and 38% from North America. These were also the companies most likely to employ a Chief Information Security Officer, to review the effectiveness of their security policies, and collaborate with others to improve security and reduce risk.Even if consumers' awareness of IT security is not all it should be, they certainly know about the risks. A recent survey of attitudes to mobile and social security in the US, the UK, Brazil and Russia revealed that, while Brazilian respondents had not been hacked to the same extent as consumers in Russia, more than 40% of them knew someone else who had been, be it a friend or family member.
They're also prepared to take measures to protect themselves, with 46% of respondents willing to share their mobile number for increased security of their accounts with online application providers. (More than in the US, where just 11% would co-operate).Identity theft was the biggest security concern for Brazilian respondents, mentioned by 44% of them, followed by a lack of control over how their information was shared (23%). Again, the opposite of the US, who were more worried about lack of control over personal information.
Other surveys presented different results. Another report found a higher than average concern among Brazilians about sharing personal information when using the mobile Internet and apps (84%). When their privacy is invaded, Brazilians are most likely to hold the mobile operator responsible (58%), followed by their national regulator or data protection authority (55%), the opposite of the pattern is seen in countries like the UK.
Right now, with the World Cup upon us, Brazil is on top of the league for phishing emails, luring fans with offers of cheap tickets to click on links to convincingly designed sites that will either infect them with malware or capture their bank or credit card information. In fact, one security specialist has reported blocking 40 to 50 fraudulent Brazilian sites every day.As one commentator put it, ‘Right now, the players and coaches are fine-tuning their tactics, game plans and strategies in order to outwit their opponents. And so are the cybercriminals.”