INSS has been intensifying the fight against cyber fraudINSS/Disclosure
Published 04/24/2024 15:24
The National Social Security Institute (INSS) is fighting a constant battle against fraudulent activities in the digital environment, a practice that threatens 39.9 million social security benefits. With an annual volume of around R$979 billion in benefits, the authority faces growing challenges in the cybercrime scenario.
Among the main scams detected by the INSS are methods such as phishing, identity theft, presentation of false documents and creation of fictitious holders. These practices harm not only the social security system, but also the beneficiaries who have their personal data compromised.
To combat these threats, the INSS has adopted proactive measures, such as blocking credits and suspending suspicious benefits, in addition to representing the competent authorities to investigate and punish the criminals involved. Furthermore, it uses two-step validation in the Meu INSS application, which aims to ensure greater security in transactions.
The General Coordination for Monitoring and Administrative Charging of Benefits (CGMOB) works on active monitoring to detect and stop inauthentic actions. Since 2022, these actions have resulted in the identification of fraud, avoiding losses to Social Security.
Additionally, to further strengthen its defenses against fraud, INSS is adopting advanced technological solutions, including artificial intelligence (AI), to analyze benefit data.
These solutions enable early identification of fraudulent activities, reducing the number of false positives and directing operational resources more effectively.
With a data-based approach and advanced technology, combined with other security measures, INSS seeks to protect Social Security resources and ensure the integrity of its benefits system in an increasingly challenging digital environment.
Check out the main frauds detected
Phishing – Phishers — or “data fishers” in free translation — send false emails or messages to beneficiaries pretending to be the INSS. The intention is to make policyholders, dependents and beneficiaries click on suspicious links to capture personal information and passwords to access benefit data.
Identity theft – In this trap, actions by criminal groups steal personal information through various modus operandi and impersonate policyholders and citizens to fraudulently request benefits and services.
Presentation of false or adulterated documents and insertion of false data into systems – When applying for social security benefits and services, false or ideologically false documents are presented, as well as the actions of criminal groups exploiting digital applications and demands for personal, labor and social security information to insert false data into government databases and computerized systems of Social Security, with the aim of proving work incapacity, dependency and employment relationships, work activities and social security contributions, aiming to fraudulently obtain benefits such as disability assistance, retirement, maternity pay and death pension.
Fictitious holder – The gangs forge civil registration documents such as birth certificates and identity (RG and CPF), “creating individuals” to obtain the Continuous Payment Benefit (BPC) to support the elderly.
Fraud identification
The need to identify and mitigate benefit fraud has become a priority for the authority, especially considering the significant financial impact that these fraudulent activities can have. To date, active monitoring work has resulted in the identification of a significant number of frauds and possible losses, highlighting the importance of improving detection and prevention methods.
According to Fernanda Doerl, coordinator of CGMOB, the active monitoring work, carried out since 2022, in addition to detecting fraud structured in benefits, allowed the identification of situations associated with security incidents, so that the actions now include an action jointly with the Cyber Incident Prevention, Treatment and Response Division Team linked to the Technology and Information Directorate (DTI), with the purpose of evaluating and containing threats.
In 2022 and 2023, the monitoring actions carried out – even in a non-automated way and without the use of advanced technologies on any scale – made it possible to identify around R$ 269.8 million in potential losses as a result of irregular procedures indicative of a cyber incident associated. During the period, 252.4 million benefits were blocked. In other words, losses were avoided in 93.5% of these situations, as a result of active monitoring work.
