🚨 “Court of Justice” Scam Uses Leaked CPFs to Steal Money via Pix

Cybercriminals use phishing SMS, fake lawsuits, and cloned websites to deceive victims across Brazil

A new wave of digital scams is raising concerns among cybersecurity experts and users nationwide. Cybercriminals are using leaked CPF databases (Brazilian taxpayer ID numbers) to commit fraud through Pix payments, posing as official judicial authorities.

The scheme begins with SMS messages that appear to come from Brazil’s Federal Justice system. Victims are warned about alleged irregularities linked to their CPF and threatened with frozen bank accounts and seized assets if they fail to take immediate action.

The urgent tone is designed to pressure users into acting quickly without verifying the information.

---

🔐 How the Fake Legal Case Scam Works

Like traditional phishing attacks, criminals rely on social engineering techniques to convince victims to click on malicious links, often disguised as secure URLs such as “hxxps://pagamento-seguro.pro.”

Once accessed, users are redirected to a website that closely imitates the official Judiciary portal. From there, the platform begins collecting sensitive personal and financial information.

The site requests the victim’s CPF number and, after it is entered, displays real personal data such as full name and date of birth, making the scam appear legitimate.

---

⚖️ Fake Fine and Psychological Pressure

To strengthen the deception, the website displays a fake court case number, simulating an official legal proceeding. Victims are then asked to pay a fine of over R$800 via Pix.

In addition, a 10-minute countdown timer is shown, creating a strong sense of urgency. This psychological pressure often leads victims to complete the payment without questioning the authenticity of the charge.

---

🕵️ Attempts to Hide Financial Trails

To avoid detection, the criminals split payment processing between different systems. Some transactions were routed through FusionPay to a company in Brasília, while others went through FusionPayBR/7Trust to Goiânia.

This strategy was intended to complicate money tracking and ensure the scheme could continue operating even if one account was blocked.

However, the operation was exposed after hackers left server logs publicly accessible. This allowed security researchers to detect the fraud in real time and access full records of bank transfers and API keys.

---

⚠️ How to Protect Yourself from Similar Scams

Cybersecurity experts recommend the following precautions:

• Be suspicious of messages with excessive urgency;
• Avoid clicking on links received via SMS or email;
• Always check official government websites directly;
• Never share personal data on suspicious pages;
• When in doubt, contact your bank or official authorities.

Staying alert and verifying information remain the best ways to prevent financial losses.