Beware Of Fake QR Codes Used By Scammers To Steal Your Data And Money

NST reports that Quann Malaysia, a leading regional cybersecurity firm, has warned of scammers using fake QR codes to steal data and money from users.

Upon scanning the fake QR codes, a scanner may be directed to malicious websites where users key in their information. The information is later used to send phishing emails which could infect the scanner's computer.

Malicious QR codes can also be used to infect smartphones with viruses, allowing scammers to steal money from mobile wallets and bank apps. 

"There’s a rising number of cases where criminals have been sticking their own codes over a business’ original one to steal the scanner’s data or access the scanner’s smartphone to tap into their bank account," its general manager, Ivan Wen said.

Wen told NST that about RM55 million was stolen in China's Guandong province alone – where QR codes are commonly used.

The firm said the problem with QR codes is that it is impossible to visually differentiate an original code from a malicious one.

In response to the growing problem, China's central bank has begun regulating QR code spending limits and requiring merchants to obtain a license before they can offer QR code payments legally.

1. Before scanning the QR code, look out for signs of tampering on the sticker.

2. Pay attention to any pixelated logos or images, as well as spelling and grammar mistakes.

3. Use a secure and reliable QR code app that can flag malicious websites and show the actual URL before scanning the code.

4. Do not key in any personal information after scanning a code.

5. Be wary of scanning QR codes in public places, like bus stops and taxi stands.