Police in Ningbo, Zhejiang Province arrested two suspects who cheated people out of over 10,000 RMB (about 1,470 US dollars), by replacing over 20 downtown merchants’ QR codes, according to local media.
The seized suspects were captured carrying over 314 QR code stickers generated through fake IDs and cellphone numbers. Both suspects admitted going around shops, stalls and restaurants as one of them talked to the business owners as a distraction while the other replaced QR codes at the counter front.
The crime was hardly noticed until one of the busy, small-scale shop owners found he’d lost up to 2,000 RMB (some 300 US dollars).
Crimes that make use of QR codes are not limited to such stealing from transactions. QR codes block readable information from its users, allowing scammers to embed malware links that can compromise one’s private information.
In the above case, the technology is extremely user-friendly and very widely applied in China and elsewhere in Asia. Both Wechat Wallet and Alipay use QR codes to finish online payment processing.
But the speedy convenience was achieved at a cost of blanking necessary information in any given transaction or information exchange.
How fraudulent QR codes can appear:
1. Scan To Pay Your Penalty
Worse still than getting a traffic fine, some cheaters counterfeit ‘traffic citations’ with a QR code on it to trick drivers into paying the ‘penalty’!
Learn to compare the real and fake, or ask the official office before you scan the QR code if you doubt the 'penalty' receipt.
2. We Want Your Support
Nearby metro stations and bus stations, scammers are carrying little boards with QR codes on them, asking passersby to scan, saying:
"Please support our start-up business by scanning code, or Scan the code to take part in our company’s activity”.
Not every charity is fake, but a formal charity will have proof or a certificate etc. You may ask them for such proof before you scan to contribute your support
3. Scan And Get A Gift
When walking in place like market, you must have seen this: scan our QR code and you will get a gift! Actually, it may be just a marketing strategy to promote products.
Check the QR code that you scan, or ask the gift shopkeeper whether the code interface is real or not. Secondly, if a personal message is needed before you log into the interface, you should have second thought, are they trying to steal your personal message or hack your money?
4. QR code covered by criminal sticker
Like the above case, QR codes could be covered by other stickers. They can be seen everywhere: on billboards, goods exhibited in stores, on websites, various types of tickets and coupons…the list goes on and on.
Try to scrape the QR code，if you find there is a sticker, stop scanning, go and ask the one who is responsible for this QR code for an explanation.
5. QR code containing a virus
Cyber-attackers might use these codes to redirect you to websites (via malicious links) that ask you to download malicious applications containing a virus or other type of malware; these in turn, can:
- Make your calendar, contacts and credit card information (if you shop or bank online using your smartphone) available to cybercriminals.
- Ask you for your Google or Facebook password – many apps are integrated with various social networks; as a result, some users may unsuspectingly enter their info.
- Track your location.
- Send SMS to a premium number, racking up your phone bill
A popular attack via QR code took place in Russia last autumn, and involved a Trojan disguised as a mobile app called Jimm. Once installed, “Jimm” started to send a series of expensive text messages ($6 each), racking up unwanted charges.
Viruses – use common sense. If a link requiring you to click or a form pops up, asking you to fullfill personal details, take caution as it may be a virus.
Care about your mobile security? Stay away from malicious QR codes!
1. Use a mobile QR code-/barcode-scanning app that previews URLs. Avoid scanning suspicious codes and links that don’t seem to match the ads they’re incorporated in; also avoid shortened links.
2. Don’t scan QR codes in the form of stickers placed randomly on walls. QR codes can be generated by anybody and stuck on walls in public places. And in today’s QR code hype, scammers think someone’s bound to scan such a code, just for curiosity. They can also stick malicious QR codes over legit ones on a billboard. So look at a QR code placed in public places closely before you scan it.
3. Be extra careful if your smartphone works on the Android mobile operating system. Android is an open platform, which means that its source code can be examined by criminals and exploited easily when they find a weakness in, say, the Android browser. That’s why most malicious apps transmitted via QR codes target the Android-based smartphones. So, make sure your Android browser is always up-to-date and only scan QR codes from trusted sources.
4. Install a mobile security app right away. Apps like: 360 save guard, QQ save center, Baidu save guard etc.. They can protect you from viruses or personal messages.
5. Use your common sense and scan only QR codes from trusted sources. Be careful when you are scanning a code on the street without even verifying its source. While scanning a code featured in a magazine or newspaper article might be considered safe, you just can’t be too sure when it comes to QR codes found on posters on the street, or flyers being handed out.
Provided that a QR code generated by WeChat, it has its own feature.
What kind of malicious QR codes have you encountered?