Beware Of Fake QR Codes Used By Scammers To Steal Your Data And Money

Know what you scan.

Cover image via SecurityBrief Asia

Quick Response (QR) Codes provide a one-stop process for directing users to websites, promotions, phone number, or other information. But scammers have found a way to take advantage of that accessibility.

Image via Freemake

NST reports that Quann Malaysia, a leading regional cybersecurity firm, has warned of scammers using fake QR codes to steal data and money from users.

The modus operandi involves criminals sticking their own codes over a business' original ones

Image via Flickr

Upon scanning the fake QR codes, a scanner may be directed to malicious websites where users key in their information. The information is later used to send phishing emails which could infect the scanner's computer.

Malicious QR codes can also be used to infect smartphones with viruses, allowing scammers to steal money from mobile wallets and bank apps. 

"There’s a rising number of cases where criminals have been sticking their own codes over a business’ original one to steal the scanner’s data or access the scanner’s smartphone to tap into their bank account," its general manager, Ivan Wen said.

It has been reported that the scam is most widespread at restaurants, where the codes are not regularly changed

Image via CNN

Wen told NST that about RM55 million was stolen in China's Guandong province alone – where QR codes are commonly used.

The firm said the problem with QR codes is that it is impossible to visually differentiate an original code from a malicious one.

In response to the growing problem, China's central bank has begun regulating QR code spending limits and requiring merchants to obtain a license before they can offer QR code payments legally.

To protect local QR code users from falling into similar scams, Quann Malaysia has listed some precautionary steps:

1. Before scanning the QR code, look out for signs of tampering on the sticker.

2. Pay attention to any pixelated logos or images, as well as spelling and grammar mistakes.

3. Use a secure and reliable QR code app that can flag malicious websites and show the actual URL before scanning the code.

4. Do not key in any personal information after scanning a code.

5. Be wary of scanning QR codes in public places, like bus stops and taxi stands.

As more and more mobile payment platforms look to enter the Malaysian market, it's very important for us to be cautious. Be careful out there, everyone!

On a related note, several Malaysians were duped into buying fake tickets to Jay Chou's sold-out concert:

Educate yourself so you won't fall for any of these scams:

You may be interested in: