QR codes are increasingly familiar to Vietnamese users, from payments, information declarations and receiving incentives to quick access to digital services. However, precisely because of this popularity and convenience, bad actors have turned QR codes into a fraud tool, in a new form of attack called "Quishing".
Lost money in just one scan?
"Quishing" (a combination of "QR code" and "phishing") is a form of fraud that uses malicious QR codes to lure victims to fake websites, install malware, or make unwanted transactions.
Notably, instead of inserting links into emails or messages, many criminals now exploit QR code images, a tool that many people trust and use every day, for malicious purposes.
(Photo: Hanoi City Police Electronic Information Portal)
Hanoi City Police point out common "Quishing" tricks:
- Fake QR codes in public places: Pasting over or replacing payment and information QR codes at restaurants, bus stations and similar places with the perpetrators' own QR codes to steal money when users pay.
- QR codes in phishing emails and messages: Impersonating reputable organizations to send notifications with QR codes that lead to websites that steal login information or request money transfers.
- QR codes on counterfeit products and documents: Printing the perpetrators' QR codes on counterfeit goods, virtual lottery tickets and fraudulent documents to lure users into accessing dangerous websites or providing personal information.
- Man-in-the-middle attack via QR code: Interfering with the scanning process and redirecting the user through a data-collecting website before they reach the real page.
Victims of "Quishing" can face many serious consequences, including:
- Theft of personal information: Names, addresses, phone numbers, emails and social network accounts are leaked.
- Loss of money in the account: Bank and credit card information is stolen and illegal transactions are made.
- Device infected with malware: Spyware, viruses or data-locking ransomware is installed.
- Falling victim to other forms of fraud: Stolen personal information can be used for more nefarious purposes.
Ms. Nguyen Thi Oanh (name changed), representative of a supermarket in Cau Giay district, Hanoi, said that a few days ago, staff at the cashier's counter discovered that a payment QR code had been pasted over with a strange code. Initially, no one paid attention because this code was printed and placed in the familiar position. However, when a customer reported having transferred money that the supermarket did not receive, the incident began to be closely examined.
"We checked again and found that the real QR code had been overwritten by the scammer with a fake code. Customers still thought they were paying for the supermarket, but in fact the money had been transferred to the scammer's account. Many people reported that their phones had been taken over when they accidentally clicked on the link after scanning the QR code," Ms. Oanh shared.
According to Ms. Nguyen Thi Hong Thanh (33 years old), owner of a fashion store in Cau Giay (Hanoi), after a customer paid 700,000 VND by scanning the QR code, she discovered that the customer's money had been deducted but her account had not received any notification of incoming money. Confused, Ms. Thanh checked the QR code at the payment counter again and was shocked to find that the code was linked not to her account but to a "completely strange" account.
Ms. Thanh said: "Maybe someone pasted their QR code instead of mine. Because customers kept coming in and out, I didn't pay attention to control all the bad guys' behavior."
How to prevent?
Mr. Nguyen Van Thin, a security expert at Chongluadao, said that a QR code is information displayed as a 2D matrix image, encoded so that a machine can read it. Devices read the code through the camera on the smartphone.
Mr. Thin affirmed that opening the camera and scanning the QR code does not cause the user's phone to be infected with malware/hacked immediately. However, the following operations can put the user at risk. If the user scans the QR code, then accesses a link or downloads strange software, the phone can be hijacked. From there, the user's information can also be leaked.
"If you accidentally click on a strange link or download strange software, users need to immediately disconnect from the Internet and then back up the phone's data using a computer. Next, you need to reset the device to factory settings. Finally, you need to reset information and change passwords for all bank accounts and social networks..." - the security expert advised.
The Cyber Security and High-Tech Crime Prevention Department of Hanoi City Police recommends that people should:
- Double check before scanning QR codes: Always verify the origin and validity of QR codes, especially unfamiliar codes or codes that have been pasted over another.
- Carefully observe the surroundings: At the payment point, check to make sure the QR code has not been tampered with.
- Beware of unusual offers: Avoid scanning QR codes with overly attractive promotions.
- Review the URL carefully after scanning: Make sure the web address starts with "https://" and is the correct domain name of the organization.
- Use a secure barcode scanning app: Consider using an app that warns of malicious links.
- Update security software: Make sure your device is protected by the latest anti-virus software.
- Limit sharing of personal information: Be careful when providing information after scanning the QR code.
- Report signs of fraud: Immediately notify the authorities if you suspect fraud.
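The URL review recommended in the list above can be expressed as a check run on the text decoded from a QR code before anything is opened. This is an added example, not code from the article or from the police advisory; the function name, the finding labels and the domain `examplebank.example` are assumptions constructed for illustration. It goes slightly beyond the "https:// and correct domain" advice by also flagging look-alike hosts that embed the expected name.

```python
import ipaddress
from urllib.parse import urlsplit

def assess_scanned_url(payload: str, expected_domains: set[str]) -> list[str]:
    """Return findings for a URL decoded from a QR code; an empty list means it passed."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["unparseable"]
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("scheme-not-https")
    # "https://trusted-name@other-host/" shows the trusted name but connects elsewhere.
    if parts.username is not None or parts.password is not None:
        findings.append("userinfo-in-url")
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return findings + ["no-host"]
    try:
        ipaddress.ip_address(host)
        return findings + ["ip-literal-host"]
    except ValueError:
        pass  # not an IP address, continue with domain checks
    # Punycode or non-ASCII labels can render as look-alikes of a known name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("non-ascii-or-punycode-host")
    # Trusted only if the host IS an expected domain or a subdomain of one.
    trusted = any(host == d or host.endswith("." + d) for d in expected_domains)
    if not trusted:
        findings.append("unexpected-domain")
        if any(d in host for d in expected_domains):
            findings.append("expected-name-embedded-in-other-domain")
    return findings

# Constructed sample payloads, as a scanner app would decode them from QR images.
EXPECTED = {"examplebank.example"}
SAMPLES = [
    "https://pay.examplebank.example/qr?id=123",
    "http://pay.examplebank.example/qr",
    "https://examplebank.example.secure-login.test/qr",
    "https://examplebank.example@203.0.113.7/pay",
    "https://xn--exmplebank-x9a.example/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", assess_scanned_url(s, EXPECTED) or "ok")
```

A passing result only means the address matches the expected organization; it says nothing about a payment QR code whose payload is a bank account rather than a URL, where the recipient name shown by the banking app still has to be checked.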
The Department of Information Security (Ministry of Information and Communications) recommends that people be vigilant when encountering messages, emails or posts containing QR codes. (Photo: CATTT)
The Department of Information Security - Ministry of Information and Communications also emphasized that: "Users need to carefully check the information before scanning the QR code, especially avoid entering personal information on strange websites that are led to after scanning the code. Applying two-factor authentication and regularly updating device security will help minimize risks."
People should not scan QR codes, click on strange links, or provide passwords or personal information to strangers.
From an international perspective, the US Federal Trade Commission (FTC) has also repeatedly warned about the dangers of fake QR codes. The FTC recommends users: "Only scan QR codes from trusted sources. If a QR code requires immediate action such as transferring money or providing information, double-check before doing so."
In an interview with Knowledge & Life Newspaper, lawyer Nguyen Ngoc Hung, Head of Ket Noi Law Office, stated that using QR code scanning fraud to appropriate property is a form of high-tech crime and a serious violation of the law, and can be criminally prosecuted under Article 290 of the Penal Code 2015 (amended and supplemented in 2017) on the "Crime of using computer networks, telecommunications networks, and electronic means to appropriate property".
Lawyer Nguyen Ngoc Hung - Head of Ket Noi Law Office (Hanoi Bar Association).
Lawyer Nguyen Ngoc Hung emphasized that, depending on the severity of the act and the value of the property appropriated, the offender can face penalties ranging from non-custodial reform of up to 03 years to, at the highest, imprisonment of up to 20 years. In addition to the prison sentence, the offender can also be fined from 20 million to 100 million VND, banned from holding a position or practicing a profession, or have part or all of his/her property confiscated.
Therefore, according to lawyer Nguyen Ngoc Hung, to protect yourself from QR code fraud, you need to be careful in all electronic transactions. First, you should not scan QR codes from unreliable sources or when the purpose of use is unknown. If you are asked to enter account information, OTP code, or password, you should stop immediately and check carefully.
"Installing security software on personal devices is also an important measure to prevent malware from entering. In addition, you should regularly check your account transaction history to detect unusual transactions early. In case you suspect that you have scanned a malicious QR code, immediately contact your bank or e-wallet to lock your account and report the incident to the police. Raising awareness of high-tech scams and proactively protecting personal information will help you avoid becoming a victim of this type of crime," Mr. Hung affirmed.
Source: https://khoahocdoisong.vn/can-trong-voi-nguy-co-ro-ri-thong-tin-ca-nhan-tu-quet-ma-qr-post1548853.html