Year-End is the "Bonus Time for Scams" ─ Kaspersky Warns of the "Top 5 Digital Scams" and 10 Self-Defense Tips

December 25, 2025, 10:39

In December, as the city turns festive, smartphone notifications become unusually noisy: sales, travel, delivery notices, expiring points and miles. As tasks pile up, people tend to skip the "checking" step. This is where so-called **social engineering (fraud that manipulates emotions to prompt actions)** comes into play. The end of the year offers plenty of bait, like "the package you were waiting for," "miles you want to use," and "great upgrades." Kaspersky highlights five common tactics in December and provides specific self-defense measures. InfoMoney


※This article is based on Kaspersky's warning introduced by Brazilian media InfoMoney (published on December 23, 2025) and has been restructured with background explanations and countermeasures for Japanese readers. InfoMoney



First to Understand: What are PIX and CPF?

The five tactics this time exploit systems unique to Brazil (PIX = instant transfer, CPF = taxpayer number). In Japan, PIX would be like an "instant transfer app", and CPF is akin to a **"My Number-like identification number."** Essentially, hinting at "money transfer, identity verification, or public institutions" makes people more likely to comply reflexively. The tactics of PIX fraud are so widespread that they are being academically classified and studied. arXiv



1) "You have received a PIX" scam: Makes you feel like you've gained and directs you to a "different site"

Tactic: An SMS from an unknown sender arrives, inviting you to "click the link to receive a PIX deposit." However, the link leads to an online gaming site (e.g., so-called "tigrinho"), where you are told "a release fee is required" or "registration is necessary." InfoMoney


Outcome: Not only is the money paid as a fee taken, but personal information provided during registration is also stolen. InfoMoney


Countermeasures (Highly Specific)

  • Do not "receive" from links. If you think you may actually have received a payment, open your bank/payment app yourself and check the history.

  • Do not pay even a "small fee." Small amounts are a common tactic to lower psychological barriers. InfoMoney


2) Delivery "additional charges (tax/fee)" scam: Gains trust by showing name and CPF

Tactic: Messages surge during times when people are waiting for deliveries, such as after Black Friday. Emails or SMS claim "a fee is required for your package" and prompt payment on a fake page linked. The screen shows a PIX QR code, and the amount is relatively low. InfoMoney


Outcome: The money paid is sent to a "borrowed name account," making recovery difficult. Variants impersonating major delivery companies also exist. InfoMoney


Countermeasures

  • Track delivery status by manually entering the tracking number on the official app/website. Do not click on SMS links.

  • Do not be reassured even if personal information (name, CPF) appears. It's just making it look "legitimate" with leaked information. InfoMoney


3) "CPF is invalid (canceled)" scam: Mimics government sites to lure into "payment"

Tactic: Emails impersonating tax authorities, central banks, or federal police arrive. The link leads to a fake site resembling gov.br, displaying address, work booklet information, and sometimes parent information, urging "your CPF is fraudulent. Pay a fee for regularization." Variants include chat windows that guide you in a conversational manner. InfoMoney


Outcome: Money paid via PIX goes to a borrowed name account. Recovery is difficult. InfoMoney


Countermeasures

  • Always doubt "payment links" claiming to be from public institutions.

  • Access official sites by manually entering the URL (do not use email links). InfoMoney


4) "Miles expiration" scam: Pinpoints anxiety before travel

Tactic: SMS messages or emails announce that "miles have expired/are about to expire" and prompt you to click a link. The link leads to a fake site resembling an official points/miles service. InfoMoney


Outcome: Login information is stolen, and miles disappear as unauthorized tickets are issued. InfoMoney


Countermeasures

  • Check expiration dates on the official apps of card companies/airlines.

  • If two-factor authentication is available, always turn it on (create a situation where "even if stolen, they can't log in").



5) "Credit card free upgrade" scam: Targets the wealthy, stealing "bank login"

Tactic: Impersonating major banks, they send sweet offers via SMS/email for "free upgrades to cards with many benefits." The link prompts entering account access information. InfoMoney


Outcome: The obtained information is used for other frauds (additional scams). InfoMoney


Countermeasures

  • First, verify if "free upgrades" are officially announced.

  • Do not enter bank login information on linked sites (the criterion is whether it can be processed via the app).



The "indistinguishability" in the AI era adds to the challenge: URL verification is the last line of defense

Previously, "unnatural Japanese (Portuguese)" and "typos" were points of distinction. But now, AI can refine text and create convincing fake sites. Therefore, small differences in **URL (domain)** become the biggest clue. One-letter differences resembling official names, unnecessary dots, and misleading subdomains are danger signals. InfoMoney
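
The three domain signals named above (one-letter differences, unnecessary dots, misleading subdomains), as an added Python example that is not part of the original article or of Kaspersky's advice. The allow-list entry examplebank.com, the function names and any URLs passed in are constructed for illustration; gov.br is the only domain taken from the article.

```python
from urllib.parse import urlsplit

# Constructed allow-list: gov.br is named in the article,
# examplebank.com is a placeholder for a bank's real domain.
OFFICIAL = ("gov.br", "examplebank.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(name):
    """Remove dots so 'example.bank.com' and 'examplebank.com' compare equal."""
    return name.replace(".", "")

def classify(url, official=OFFICIAL):
    """Return official, misleading-subdomain, extra-dot, lookalike, unknown or invalid."""
    if "//" not in url:
        url = "//" + url  # lets urlsplit find the host in scheme-less input
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is already lowercased
    if not host:
        return "invalid"
    labels = host.split(".")
    # Every right-hand suffix of the host: a.b.c -> a.b.c, b.c, c
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    # 1. The official domain itself or a genuine subdomain of it.
    if any(s in official for s in suffixes):
        return "official"
    # 2. Official name used as left-hand labels of a different domain.
    if any(host.startswith(d + ".") or ("." + d + ".") in host for d in official):
        return "misleading-subdomain"
    # 3. Same characters as an official domain, but with dots moved or added.
    if any(squash(s) == squash(d) for s in suffixes for d in official):
        return "extra-dot"
    # 4. Exactly one character away from an official domain.
    if any(edit_distance(s, d) == 1 for s in suffixes for d in official):
        return "lookalike"
    return "unknown"
```

A result of "unknown" only means none of the three signals fired; short official names such as gov.br also sit one edit away from unrelated real domains, so "lookalike" is a prompt to check by hand rather than a verdict.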



Kaspersky's "10 Rules of Self-Defense" translated into "actions" (Highly Practical Version)

InfoMoney's article lists ten effective countermeasures for the end of the year. The key points are "take a breath before clicking," "return to official routes," and "minimize damage." InfoMoney


  • Doubt offers that are too good to be true (especially limited discounts and special invitations) InfoMoney

  • Do not trust even if personal information is displayed (creating a "genuine feel") InfoMoney

  • Words that stir emotions are the fuel of fraud (urgency, fear, favor) InfoMoney

  • Return to official sites/official apps (open them yourself, not through links) InfoMoney
