There are many of us who just casually scan QR codes every time we encounter them without a second thought about the probable hidden fraud tools. Cybercriminals are using this disregard to dupe individuals through an array of refined schemes.
How QR code scams happen
Proliferation of fraud techniques: The studies suggest that at least 25 different QR code-based fraud methods are currently being utilised across the country. These codes are incredibly easy to generate; even a layperson can create a QR in minutes.
Overlaying fraudulent codes: It was found out that these cyber criminals put their own bank account-linked QR codes in place of the fair ones at places like petrol pumps or large stores. When an unsuspecting customer scans the QR code to make a payment, the funds go to the fraudster’s account.
Malware and Plug-ins: A more efficient method now in use involves setting up malware-involved plug-ins in browsers. The malware enters a mobile device, and scammers gain direct control to access the bank accounts.
How does this process work?
When we scan a QR code and a plug-in instantly installs itself on our mobile browser. This apparently harmless software could actually be a Cloud Night malware, which is a powerful tool hackers use to steal details stored on your device.
Why are autofill details dangerous?
Autofill details contain everything we enter into Google Forms or other platforms during job applications, purchases, or surveys. These forms often require personal details such as Aadhaar numbers, PAN card details, account numbers, and passwords, which are linked directly to bank accounts.
Silent data leaks through malware
People hit “OK” when prompted, which would award consent for data access. Security experts warn that once malware like Cloud 9 contaminates your browser, it can transfer all the data that is accumulated in your autofill system. It is a sign of risking a major personal data leak from your mobile browser.
Fraud at trusted locations
When customers are making purchases from established venues, it is advised to double-check QR codes. The cyber criminals have started employing plug-in QR code loggers for launching identical attacks, therefore making it difficult for even attentive individuals or businesses to spot tampering.
How to stay safe
1. Scrutinise Your Browser: It is advised to scan your browser for doubtful plug-ins or unexplained actions.
2. Exercise Vigilance: The users are advised to be careful when inspecting QR codes, even in trusted environments.
3. If sensitive information is saved in a mobile browser, then the theft of the device could give all this information to criminals.
4. Stay alert and occasionally examine the mobile security to stop falling victim to these increasing scams.
