Beware of QR code frauds this Mother’s Day
Digital users should be aware of the QR code scams and should think twice before proceeding to scan any QR codes provided to them, as they can be potential tools used by cyber fraudsters to defraud gullible citizens.
About QR Code
Quick Response’ or QR code is a type of two dimensional barcode that is a machine-readable optical label that contains information about the item to which it is attached and directs to a locator, identifier or tracker that points to a website or application. Users can generate and print their own QR codes for others to scan and use by visiting one of several pay or free QR code-generating sites or apps.
Users with a camera phone equipped with the correct reader application can scan the image of the QR code to display text, contact information, connect to a wireless network, open a web page, make payments using the mobile phone's browser.
Misuse of QR codes by fraudsters
QR code scams mainly aim at making the users access the page, through which cybercriminals can steal user’s sensitive information, money or both. The fraudsters misuse the QR codes in different ways to defraud gullible citizens. Mentioned below are few:
-
QR Code Phishing
Fake emails, flyers, letter, messages, advertisements, information etc., with fraudulent QR code which leads to page that tries to capture personal sensitive information.
-
QR scam using social engineering technique
Fraudsters may use crafty ways to get the users to scan the fraudulent QR code : Examples of social engineering techniques
- They may use the story of stranger in danger, who makes user scan QR code for some amount in promise to repay you the amount later.
- They may get the user to scan the QR code in the pretext of sending the amount for purchase of the goods/services and empty the victim’s account.
- They may get the users to call fraudulent service/gas/helpdesk/restaurant numbers uploaded on google and make them scan QR code to capture bank details and loot money.
-
QR Code Viruses
Fraudsters can also embed links in QR codes redirecting them to webpages containing viruses/malware which can compromise user’s sensitive data.
-
QR payment fraud
Fraudsters can also tamper with the QR codes and place the fraudulent codes at locations where lot of online payment are made like petrol bunks etc., they may also cover up legitimate QR codes to fool victims.
Dangers
- Financial loss
- Malware attack
- Data loss
Modus Operandi
Case 1
- The user may call up the contact numbers they find on google search to order a cake for their mother on mothers day.
- The call can land up with a fraudster who can send the user a fraudulent QR code to scan for the delivery of the order.
- The users ends up being cheated by the fraudster and loosing the amount.
Case 2
- The fraudsters may approach the user masking themselves as buyers of goods put up by for sale on online sites.
- They may show interest to purchase the product and will share a QR code to pay advance/token amount through whatsapp, email or other platforms.
- After sharing the QR code, the fraudster will ask user to select “Scan QR code” option on the app and select QR code from photo gallery
- Once user scans the QR code from photo gallery, he/she will be asked to proceed with the payment.
- Once the users click on “Proceed”, they will be asked to Enter your UPI PIN and money will be deducted from user’s account.
Preventive/ safety measures
- Do not scan a QR code you do not trust or that you are not sure about.
- Contact the company/institute directly to confirm the message/post/information you received before scanning the code.
- Always remember that a QR code is used for payment of money not receiving it.
- Take care to install good antivirus software on digital devices to protect yourself against any potential malware.
- Do not back off from denying help and telling a stranger a clear ‘NO’, when requested to scan a QR code for help on some pretext.
- Ensure to look for information regarding a QR code that might look even a bit suspicious manually first and check before scanning.
- Never use the contact details or mobile numbers of customer care or service centres, provided in the mails/messages/ flyers etc.,
- Never use the contact number found in the random google search for gas booking, restaurant, banks, online food delivery, customer care etc., as they can be
fraudulent ones, only visit the authentic website for actual contact details.