Cybercriminals and scammers are now using QR codes to trick many victims into phishing campaigns. The simple process consists of covering up a real code with a fraudulent one, with the risk for the victims of having their bank details stolen in a few clicks.
Their use has increased dramatically with the Covid-19 pandemic. The QR code has become an ubiquitous part of daily life, allowing access to a Wi-Fi network, reading a menu and even paying for a restaurant bill. The process is now attracting scammers, who are disseminating fraudulent QR codes everywhere, reports The Parisian.
The QR code (for Quick Response Code) refers, thanks to a quick scan with your smartphone, to a website or to downloading an application. It took years to educate people not to click on a dubious link sent by e-mail, we have to start all over with these QR codes, plague Len Noe, cybersecurity researcher at CyberArk.
A simple sticker
Cybercriminals have hatched a simple scam. They simply replace an existing QR code with their own with a new sticker. When the victim scans it, he is then sent to a site imitating the one he thought he was going to. Sometimes the fraudulent link invites you to download a pirate application.
Discover the best free bank cards thanks our comparison
These schemes are particularly formidable because the cyberattack goes through the camera and thus bypasses antivirus and security filters, points out Len Noe. But most often, scammers target payment QR codes, such as those used to pay the bill at the restaurant.
Savings: alert, fake passbook scams are back
Without knowing it, the victim then gives his bank details to malicious people, as in a classic phishing campaign by e-mail. The first cases of scams of this kind have been recorded in Asia, Germany and the United States. Cybermalveillance.gouv has not yet recorded any victims in France.