New Delhi, October 3 (IANS) As Indians have embraced digital payments quickly, a rise in QR code scams has affected the nation, according to a report released on Tuesday. The report found that between 2017 and May 31, 2023, 20,662 cases (or 41% of all cases) involving QR codes, malicious links, or debit/credit card fraud were reported in Bengaluru.
In order to compromise a company’s website, attackers may substitute their own QR code for the real one since most QR codes have a similar appearance and it is difficult to tell them apart. When users scan this modified code, it may immediately send them to a phishing URL, where thieves may, among other things, ask for user credentials and access email or social media accounts.
Alternately, it might direct users to a dubious app store and encourage them to download a malicious app that, according to the report, contains viruses, spyware, trojans, or other forms of malware and allows for data theft, privacy breaches, ransomware attacks, and, in some cases, even crypto-mining.” As QR codes become more prevalent in our everyday lives, associated frauds have become more prevalent.
Cybercriminals take advantage of this by secretly altering QR codes in places like clubs, restaurants, lounges, and pubs. Vicky Ray, Principal Researcher at Palo Alto Networks’ Unit 42, warned that this might lead to unlawful UPI payments and possible financial loss.
With a transaction value of Rs 15.18 trillion ($204.77 billion), the United Payment Interface (UPI) exceeded 10 billion monthly transactions in August. The research also cited the usage of “evil twin” or hotspot honeypots as another common TTP (threats, techniques, and procedures) among hackers. In this case, threat actors set up an unsecured Wi-Fi network and lure consumers in by offering them free internet access in exchange for scanning their QR code.
Once linked, hackers snoop on data transmissions and intercept them, stealing credit card information, login passwords for online banking, and other sensitive personal or company data, according to the research. Given the widespread acceptance of hybrid working, people must take care and only connect to secure Wi-Fi networks to prevent being caught in these online traps.
