Portuguese 
English 
Spanish 
5 min of reading 
0 comments 
The scam that hit Jovem Pan showed how a convincing approach, an official-looking link, and the provision of credentials can open the way for a lightning sequence of Pix transfers, turning minutes of inattention into a high and difficult-to-reverse loss
The scam that hit Jovem Pan exposed the speed with which financial frauds can empty a company’s account in Brazil. The broadcaster lost R$ 175.3 thousand after a criminal, pretending to be a Bradesco manager, made contact by phone and claimed to need to enable a supposed “corporate chat”. From this contact, an employee was instructed to access a fraudulent link and provide access credentials, such as username, password, and tokens.
The case occurred on September 29 of last year and, in about 40 minutes, the intruder made 18 Pix transfers until the fraud was noticed. The episode gained repercussion because it shows a type of scam that does not depend on sophisticated invasion of the company’s system, but on a persuasive approach, made in real-time, with an institutional appearance and step-by-step guided by the criminal themselves.
How the scam started and gained account access
According to the UOL Portal, it all started with a phone call. The criminal introduced himself as a Bradesco manager and said it was necessary to activate a faster and more efficient service channel, called corporate chat. The strategy was to create an environment of urgency and legitimacy to convince the victim to follow instructions without suspecting fraud.
-
Brazilian second-crop corn ethanol receives IMO approval with a footprint of 20.8 g CO₂ per megajoule, surpasses the US, and gains an advantage in the race to supply ships with biofuel.
-
Brazil’s largest pulp mill advances with a R$ 25 billion investment, reaches 55% completion of works, mobilizes 13,000 workers, and lifts a boiler with a 500-ton crane, on track for operation in 2027.
-
Ambev surprises the market with a historic beer record in Brazil, driven by premium brands, while a rival faces a decline and intensifies the sector dispute.
-
Zero fare could become the “new Bolsa Família” for buses and trains, easing the financial burden on families and injecting R$ 60.3 billion into the economy.
Subsequently, the con artist sent a fraudulent link with an institutional appearance and guided the broadcaster’s employee through each step of the supposed installation. The decisive point of the scam was the sequential delivery of access credentials, which gave the criminal the necessary conditions to access the account and initiate transactions.
The numbers that explain the dimension of the fraud
The case draws attention mainly due to its speed. In approximately 40 minutes, 18 Pix transfers were carried out, totaling R$ 175.3 thousand diverted from Jovem Pan’s account.
This volume of sequential transactions is the most impressive data. It was not an isolated operation, but a rapid succession of financial outflows in a short period, which turns the case into a relevant alert for companies operating with corporate bank accounts and digital authorization routines.
Why this scam raises an alert for companies
The fraud exposes a common vulnerability in corporate environments: trust in contacts that appear legitimate and the execution of banking procedures guided by third parties in real-time. When the criminal masters the conversation script and uses language compatible with business routines, the risk of adherence increases.
The Jovem Pan case shows that the scam doesn’t need to start with a visible system failure in the company, but rather with a well-orchestrated approach and an apparently trustworthy link. It is precisely this mix of urgency, institutional appearance, and step-by-step instruction that makes the scheme so dangerous.
What happened after the transfers
After the loss, Jovem Pan sued Bradesco, arguing that the pattern of transfers should have triggered a stronger preventive response. The broadcaster pointed out that there were several similar operations, in sequence, and some directed to the same accounts, which, according to its understanding, would require containment proportional to the risk.
In the unfolding of the case, however, the Court rejected the request for restitution. Judge Rossana Luiza de Faria, from the 9th Civil Court of Osasco, considered that the fraud originated outside the environment controlled by the bank and highlighted that the company’s representatives clicked on the link, followed the con artist’s instructions, and fully provided the access credentials.
The most significant point in the case
The bank’s security system even contacted the broadcaster to question the regularity of the transactions, and the representatives confirmed that they were valid. This detail makes the episode even more emblematic, because it shows how the scam managed to bypass not only the initial access stage but also a subsequent verification layer.
This is one of the toughest aspects of the case; the fraud was not sustained only by the initial invasion, but also by the ability to maintain the appearance of normality during the movements themselves. When this happens, reaction time decreases even further.
How the bank described the fraud
In its defense, Bradesco stated that the lawsuit attempted to transfer to the institution a responsibility that, according to the bank, resulted from the victim’s own delivery of credentials to the criminal. It also argued that there was no failure in the security system and that fraudsters use sophisticated strategies to exploit moments of victim inattention.
This position reinforces an important aspect of the episode. The scam was built much more on social engineering than on a traditional technical invasion. In other words, the criminal needed to convince, guide, and induce the victim’s action to enable large-scale diversion.
What this episode shows about current scams
Cases like this help to understand why financial frauds continue to advance even in environments with protection systems and alert channels. The criminal acts not only as a digital thief but as someone who plays a role, reproduces the bank’s language, and leads the victim to collaborate with the fraud itself.
In the Jovem Pan case, the scam brought together several elements that increase the power of persuasion: phone calls, authoritative discourse, promise of efficiency, institutional-looking links, and detailed guidance. This combination transforms a common fraud into an extremely fast operation with high potential for damage.
The alert for the corporate environment
The episode serves as a warning because it shows that companies are also vulnerable targets, especially when the criminal takes advantage of operational routines, trust in banking contacts, and haste in validating procedures. In business accounts, the potential for damage is usually greater precisely because of the volume that can be moved in a few minutes.
The case shows that the risk is not just in the click itself, but in the entire chain of trust that forms from it. When the victim believes they are speaking with a legitimate representative and begins to follow instructions without interrupting the process for independent verification, the scam gains ground very quickly.
The outcome does not yet close the alert
According to the UOL portal, it informs that Jovem Pan can still appeal. But, regardless of the subsequent path, the case has already established itself as a strong portrait of the type of fraud that today threatens companies in the country.
More than the value lost, what makes this story impactful is how it all happened: 18 Pix transactions in sequence, R$ 175.3 thousand diverted, and only 40 minutes between the first access and the realization of the loss. The short time between the approach and the loss is precisely what makes this episode such a serious warning.
If a phone scam managed to empty R$ 175,000 in 40 minutes within a well-known company, how many other similar operations might be happening without the loss being perceived in time?
Be the first to react!