QR Code Scams
Recently, QR code fraud has been recorded to increase sharply in the world and in Vietnam. Therefore, users need to be careful before scanning QR codes, especially wary of QR codes posted or shared in public places, sent via social networks, emails... Some banks in Vietnam also warn about credit card fraud via QR codes.
Specifically, after making friends via social networks to communicate with the victim, the scammer will send a QR code for the user to scan. This code leads to fake bank websites. The user is asked to enter their full name, citizen identification number (CCCD), account, secret code or OTP, from which their account is taken over. Meanwhile, at crowded payment points such as coffee shops, restaurants, etc., the scammer's trick is to paste the QR code over the QR code. That is, the scammer has pasted the QR code over the "real" QR code, and the payer will accidentally lose money within seconds. To ensure the safety of paying customers, some restaurants and cafes only paste the QR code right at the cashier counter and always remind customers to be careful when scanning the code.
In addition to the situation of payment QR codes being overwritten, causing money to be transferred to the scammer's account, in recent times, the phenomenon of malicious QR codes has also been easily spread through articles and images through many messaging applications, forums, and groups on social networks, especially in live broadcast programs (livestream). When readers and viewers scan the code, they will be redirected to gambling advertising pages with malicious code that can be installed on their phones...
The QR code scam that Lam Dong Province Police recently caught red-handed is an example. Through investigation, the police discovered a group distributing flyers containing pictures of beautiful young girls and QR codes to lure users to scan them to access the website and download the application. However, the application contained malware specifically used to steal users' information and data.
In fact, the nature of QR codes is not a direct malware attack but only an intermediary to transmit content. Therefore, whether users are attacked or not depends on how the content is processed after scanning the QR code. To avoid being scammed through this form, users need to be careful before scanning QR codes, especially wary of QR codes that are pasted or shared in public places, sent via social networks, and emails. Users also need to identify and carefully check the account information of the QR code exchanger; carefully review the content of the website that the QR code links to.
Mr. Nguyen Duy Khiem (Information Security Department, Ministry of Information and Communications) commented that QR codes have become increasingly popular everywhere, not only in Vietnam but also in many countries around the world. Payment methods using QR codes are becoming increasingly familiar and popular with many Vietnamese users.
According to statistics from the Payment Department (State Bank of Vietnam), QR codes have a strong growth rate in both quantity and value. In 2022, payments via QR codes increased by more than 225% in quantity and over 243% in value. In the first 5 months of 2023, payments via QR code scanning increased by 151.14% in quantity and 30.41% in value over the same period.
The Information Security Department recommends that users should be cautious before scanning QR codes, especially wary of QR codes posted or shared in public places, sent via social networks, or email.
The Information Security Department recommends that agencies, units and organizations providing QR codes pay attention to warning and propaganda to users and promptly provide solutions to verify transactions with unusual signs; regularly check QR codes posted at the locations of provision.
OTP code and bank account misappropriation
The Payment Department, State Bank of Vietnam has just issued document No. 4893/NHNN-TT to credit institutions, warning about fraudulent methods to steal OTP codes and bank accounts. Accordingly, the scammers' method is to impersonate bank employees to call customers with the excuse of supporting balance checks and transactions; when customers read their name and the first 6 numbers of their domestic debit card, the scammers ask customers to read the remaining numbers on the card to confirm that they are the correct cardholder.
The scammer then informs the bank that they will send a text message to the customer and asks the customer to read the 6 numbers in the message. In fact, it is an OTP code to make online payment transactions and if the customer follows the scammer's request, the money in the card account will be lost.
The Payment Department also informed that scammers often set up websites impersonating banks to receive and support questions about banking services, in order to collect personal information, transaction history and accounts. In addition, scammers send messages impersonating the bank's brand to customers to notify them that their accounts show signs of unusual activity and instruct them to confirm information, change passwords, etc. From there, scammers obtain customers' confidential information to appropriate money in their accounts.
Mr. Vu Minh Hieu, Head of Cyber Security Department, Bkav Group, shared that in many cases, if customers provide confidential information of electronic banking services such as login name, password, OTP code to scammers, it is very easy for their accounts to be taken over. According to Mr. Vu Ngoc Son, Technology Director of Vietnam National Cyber Security Technology Company, to avoid losing bank accounts or having OTP codes taken over, users should absolutely not provide personal information such as login accounts or social network accounts.
“Users should not follow the instructions of strangers to accidentally reveal personal information about bank accounts (account numbers, OTP codes), ID card numbers, phone numbers, and residential addresses. This is a way to protect yourself from online fraud,” Mr. Vu Ngoc Son emphasized.
Online fraud increased by 64%
According to the Vietnam Information Security Warning Portal, in 2022 there were about 13,000 cases of online fraud with 2 main types of fraud: fraud to steal personal information (accounting for 24.4%) and financial fraud (75.6%). Fraud to steal personal information is also a stepping stone to continue to develop scenarios to carry out financial fraud. The ultimate goal is to defraud and appropriate assets and the method is to exploit the gullibility, lack of access to information, low employment or income, and greed in each person. According to statistics from the Department of Information Security (Ministry of Information and Communications), in the first 6 months of 2023, the situation of online fraud in Vietnam increased by 64% over the same period.
The Ministry of Public Security also announced that there are currently 3 main groups of fraud, including brand counterfeiting, account hijacking and other combined forms. With these 3 groups of fraud, the Ministry of Public Security divided them into 24 forms of fraud such as: "cheap travel combo" fraud; Deepfake, Deepvoice video call fraud; "SIM lock" fraud due to unstandardized subscribers; impersonating teachers and medical staff to report that relatives are in emergency to commit money transfers; impersonating financial companies and banks... These forms of fraud target the elderly, children, students, youth, workers, laborers and office workers. According to the Ministry of Public Security, propaganda, dissemination and awareness raising to equip each individual with basic knowledge and skills to ensure information security in cyberspace is a key factor in helping to create a safe Vietnamese cyberspace, contributing to promoting the digital transformation process, developing a sustainable digital economic and social infrastructure. This is a necessary and urgent task in the digital age, protecting information security for all subjects participating in activities in the network environment.
Source
Comment (0)