픽스 사기 수법의 진화와 대응 전략

📝 Abstract

This work presents a review of attack methodologies targeting Pix, the instant payment system launched by the Central Bank of Brazil in 2020. The study aims to identify and classify the main types of fraud affecting users and financial institutions, highlighting the evolution and increasing sophistication of these techniques. The methodology combines a structured literature review with exploratory interviews conducted with professionals from the banking sector. The results show that fraud schemes have evolved from purely social engineering approaches to hybrid strategies that integrate human manipulation with technical exploitation. The study concludes that security measures must advance at the same pace as the growing complexity of attack methodologies, with particular emphasis on adaptive defenses and continuous user awareness.

💡 Analysis

This work presents a review of attack methodologies targeting Pix, the instant payment system launched by the Central Bank of Brazil in 2020. The study aims to identify and classify the main types of fraud affecting users and financial institutions, highlighting the evolution and increasing sophistication of these techniques. The methodology combines a structured literature review with exploratory interviews conducted with professionals from the banking sector. The results show that fraud schemes have evolved from purely social engineering approaches to hybrid strategies that integrate human manipulation with technical exploitation. The study concludes that security measures must advance at the same pace as the growing complexity of attack methodologies, with particular emphasis on adaptive defenses and continuous user awareness.

📄 Content

A Taxonomy of Pix Fraud in Brazil: Attack Methodologies, AI-Driven Amplification, and Defensive Strategies Glener Lanes Pizzolato, Brenda Medeiros Lopes, Claudio Schepke, Diego Kreutz Graduate Program in Software Engineering (PPGES) Advanced Computing Studies Laboratory (LEA) & AI Horizon Labs Federal University of Pampa (UNIPAMPA), Alegrete, Brazil Abstract This work presents a review of attack methodologies targeting Pix, the instant payment system launched by the Central Bank of Brazil in 2020. The study aims to identify and classify the main types of fraud affecting users and financial institutions, highlighting the evolution and increasing sophistication of these techniques. The methodology combines a structured literature review with exploratory interviews conducted with professionals from the banking sector. The results show that fraud schemes have evolved from purely social engineering approaches to hybrid strategies that integrate human manipulation with technical exploitation. The study concludes that security measures must advance at the same pace as the growing complexity of attack methodologies, with particular emphasis on adaptive defenses and continuous user awareness. Index Terms Pix, digital fraud, financial cybersecurity, social engineering attacks, instant payment systems, fraud taxonomy, behavioral analysis, attack methodologies, artificial intelligence in fraud, deepfakes, credential compromise, remote access malware, feature exploitation, phishing, scam detection, fraud mitigation, security controls, threat modeling. I. INTRODUCTION Pix, launched by the Central Bank of Brazil (BCB) in November 2020, quickly became the most widely used means of payment in the country, surpassing traditional methods such as TED, DOC, payment slips, and card transactions. Its large-scale adoption is due to its continuous availability, instant transfers, and operational simplicity through Pix keys [1]. Since its launch, the number of transactions and the amounts moved have grown rapidly, reaching tens of billions of operations per year [2]. The expansion of this system, however, has brought significant security challenges. Despite the mechanisms implemented by the BCB, incidents involving the leakage of registration data [3], social engineering scams, and express kidnappings have increased significantly after the introduction of Pix. In addition, the reduced use of physical cash has changed the criminal dynamics in the country, as pointed out by international studies that associate digital payments with lower rates of property crime. Recent cases, such as attacks involving the company Sinqia and the largest Pix-related theft ever recorded in Brazil, reinforce the critical nature of this issue. In this context, the objective of this work is to identify and describe the main attempted attacks involving Pix transactions, to map their characteristics, and to propose a taxonomy that groups scams by type or similarity. It also seeks to analyze the role of Artificial Intelligence both in the execution of fraud and in the mitigation strategies adopted by financial institutions. To this end, attack methodologies, existing classifications, and security techniques implemented to protect transactions are investigated. The central contribution includes: (a) a description of the methodologies employed in the main scams; (b) the mapping and classification of the attacks; (c) an analysis of the use of AI in offensive strategies; (d) a survey of the security techniques used by partner institutions; and (e) an investigation of the role of AI in defending against these attacks. These analyses provide a comprehensive view of the threat landscape surrounding Pix and support advances in the prevention, detection, and response to digital fraud in Brazil. II. METHODOLOGY The methodology of this work initially comprised a systematic survey of incidents and scams related to Pix, carried out through searches on news websites, specialized portals, and official leak statistics published by the Central Bank [3]. After collection, the data underwent a cleaning process, eliminating duplicates and consolidating equivalent descriptions from different sources, which made it possible to create a uniform set of attacks for analysis. Based on this consolidated set, a taxonomy was proposed, structured around three main pillars: motivation, medium, and execution. The classification of attacks was performed manually and validated with the assistance of three LLM models: GPT- 4o [4], Gemini 2.5 Pro [5], and DeepSeek-V3 [6]. Each attack was categorized according to the motivation exploited, the medium used by the attacker, and the execution method employed. Additionally, the potential use of artificial intelligence as arXiv:2511.20902v1 [cs.CR] 25 Nov 2025 a facilitating or amplifying element of the scam was evaluated, especially in stages involving the generation of convincing content or the creation of fake identities. In parallel with the anal

This content is AI-processed based on ArXiv data.