Very popular, the QR code has become, in recent months, an additional tool in the eyes of computer criminals, who misuse it to carry out scams. The gendarmerie decided to sound the alert.
A few weeks ago, we already alerted you to the rise of “quishing”, an evolution of phishing which consists of hijacking QR codes to deceive those who scan them. “ Fake QR codes are circulating and making you believe that you are paying for the selected service, but there is a but: they directly fund the bank accounts of certain scammers », Explains the Lot-et-Garonne gendarmerie, which is trying to raise awareness among citizens.
Scammers have no trouble creating a QR code scam
The QR code, helped by the Covid era, has become essential in many areas, such as catering, health, telecommunications, the entertainment world and even the media. By scanning a simple pictogram using our smartphone, we are directly redirected to a site, an application or a document.
Increasingly used, it was enough for pirates to make the QR code one of their new toys. And the most annoying thing is that the stratagem is not that complicated to put in place on the part of the thugs.
First, the scammer generates a QR code that sends whoever scans it to a malicious site or software. Then, he prints his poster (or distributes it on the web), and sticks it up or hangs it as an announcement of the neighbors’ party and a warning before the next work in the street. When scanning the fraudulent QR code, the victim downloads the malware or provides their personal and, often, financial information. The thief just has to conclude. This is what we call “quishing”.
There are many cases of quishing
The victims are unfortunately numerous, as is the diversity of cases. In Loiret (45) for example, a victim fell into the trap of the QR code affixed to an electric vehicle charging station, we told you about it. She then noticed several fraudulent withdrawals.
In Seine-en-Marne (77), a person thought they had found a fine notice under their windshield wiper. By scanning the associated QR code, she thought she would pay her fine, but it was the hackers who recovered her bank details. Around ten fraudulent direct debits followed. There is also the case of the person trapped in an elevator, with a poster offering to win a trip; or that of the citizen thinking of placing an order at a bar table. Each time, there were multiple samples taken.
“ Stay vigilant and attentive to keep your money, and do not fall into the trap of the fake QR code. Do not give satisfaction to these scammers », advises the gendarmerie. We can add that you should always be wary of a QR code that could be “pasted” above another poster, without forgetting to check the URL of the page where you land. If you have the slightest doubt, don’t go any further.
0