Fraud prevention alert

The fraud landscape is evolving rapidly, with the continuous emergence of increasingly sophisticated methods. The adoption of preventive measures and heightened vigilance is recommended whenever there is contact from unknown senders or interlocutors, in order to mitigate risks to your security and that of your organization.

As part of UBS security protocols, in certain situations you may be asked to confirm specific identification information during call‑back procedures. However, we emphasize that UBS will never, under any circumstances, request sensitive information—such as access credentials (e.g., username or password)—by phone, email, or text message (SMS).

Common types of fraud

Deepfake: Highly Realistic Videos and Calls

Fraudsters exploit deepfake technology to manipulate faces and voices in videos or phone calls with a high degree of realism. These techniques may be used in scams such as “fake relative” schemes and investment fraud, among others.

Security guidance:

  • Be suspicious of unexpected requests to transfer funds, even if the voice or video appears familiar.
  • Return the contact using a known and trusted phone number to verify the situation.
  • Be cautious of investment recommendations allegedly made by celebrities.

Phishing: Fake Links

Fraudsters send emails or text messages containing links to fake websites, impersonating trusted senders such as banks, delivery services (e.g., Correios, DHL), streaming platforms (Netflix, Spotify), or online retailers. Victims may be prompted to enter sensitive information such as credit card details, SMS codes, banking information, card security codes, and passwords. This data can then be used for unauthorized purchases or illicit access to e‑banking.

Security guidance:

  • Be suspicious of unexpected messages requesting sensitive data or urging you to click on links.
  • Always verify the website URL. UBS websites always include “.ubs.com/” in the address bar.
  • If in doubt, contact the company through an official channel.
  • If you are interested in an offer and believe it may be legitimate, access the official website by typing the address directly into your browser.

Telephone Fraud: Calls from Fake Bank Employees or Authorities

Criminals contact victims posing as bank employees, police officers, or government representatives. They claim security issues, ongoing investigations, or urgent situations to pressure victims into acting quickly, handing over valuables, or providing confidential information.

Security guidance:

  • If in doubt, hang up and return the call using an official number.
  • Never hand over cash, credit or debit cards, or valuables to unknown individuals.
  • Never disclose digital banking access numbers, card PINs, or passwords.
  • Scan QR codes exclusively from the E‑Banking login page using the Access app—never from emails or text messages.

Investment Fraud: Promises of Unrealistic Returns

Fraudsters lure victims with promises of high returns, such as alleged cryptocurrency investments. They use social media, dating platforms, or phone calls. To gain credibility, they may even run fake advertisements featuring images of celebrities.

Security guidance:

  • Be skeptical of investments that seem “too good to be true,” especially when there is pressure for immediate decisions.
  • Verify the service provider and confirm whether both the offeror and the investment are regulated by legitimate authorities. If in doubt, seek a second opinion from your client advisor.
  • Be wary of individuals claiming to be lawyers or government representatives who promise to recover lost funds in exchange for payment.

Romance Fraud: Emotional Manipulation

Fraudsters pose as romantic interests or people with emotional ties (e.g., a friend, acquaintance, or even a relative) in online environments, simulating emotional involvement to build trust. Over time, they request money for emergency situations such as medical or financial problems, or to “help” with unforeseen events. The scam may last for months, with repeated requests and excuses to avoid in‑person meetings or stronger forms of verification.

Security guidance:

  • Be cautious of people met online who express intense feelings at an early stage but avoid in‑person meetings or simple validations (such as a video call).
  • Never transfer money to individuals you have met only online, even in emergency situations—including those claiming to be friends or relatives.
  • Exercise extra caution if investment proposals with promises of high returns arise.

Invoice Fraud: Fake Invoices

Criminals impersonate suppliers or employees, often using email addresses similar to legitimate ones, to send fraudulent invoices or request changes to bank details (e.g., IBAN) with the aim of diverting funds.

Security guidance:

  • Verify unusual payment instructions, establish clear approval processes, and review them periodically.
  • Conduct regular training on the main types of payment fraud.
  • Never disclose digital banking access numbers, credit or debit card PINs, or passwords.