An elderly woman lost US$ 20,000, about R$ 100,000, after falling into a scam involving a fake QR code. It happened in Singapore, where the 60-year-old woman ended up downloading a malicious app to her cell phone, which carried out transfers from her bank account, after scanning a promotional code at a bubble tea shop.
The victim was not identified, but said that the QR code was in the shop window of the establishment, with the offer of a free drink in exchange for registration in a loyalty program. From the scan, she was induced to download an application that effectively brought information about the offer. During the night, however, she noticed that the cell phone screen had been activated and, when checking, noticed that transfers were being made from her bank account.
The fraud was reported by the local press as a warning about the increase in scams using QR codes. The warning is shared by the Singaporean police authorities, who had already notified citizens, in April, about the use of this type of technology to contaminate cell phones with viruses that steal personal data and banking credentials — that’s what happened to the elderly woman, probably. According to the country’s police, this year alone, more than 100 victims have been registered, with losses of more than US$ 445,000, or approximately R$ 2.2 million.
The alert is shared by other global security agencies. In the United States and the United Kingdom, cases of false fines or traffic notifications were applied to drivers, with fraudulent QR codes that induce victims to make payments. The pages accessed by the codes simulate the website of the authorities, accessed from URL shorteners and legitimate payment systems.
In a case seen in the USA, the criminals bet on the urgency of making victims, with the notification having to be paid quickly so that the value of US$ 60, approximately R$ 300, was maintained; it rose to US$80, around R$400, after 30 days and reached US$100, more than R$500, in 45 days. A primary error, however, was committed: the false ticket was received by the driver on May 4, but the ticket indicated that it was issued the following day.
In Brazil, scams of this type have been in sight since 2021. Two years ago, the Ministry of Justice and Public Security issued its first warning about a scam that used QR codes to obtain credit card data, while in the same year, Febraban ( Brazilian Federation of Banks) warned about the use of codes in fake slips. Charges were received through messaging apps.
How to protect yourself from scams with fake QR codes?
According to data from the cybersecurity company Kaspersky, Brazil is the second country with the highest incidence of fraud involving QR codes. Around here, one of the main focuses is Pix, with criminals using the codes to obtain transfers on behalf of government agencies, brands or companies, with slips or notifications that are often disseminated through messaging or email apps.
Paying attention to charges that arrive by these means, then, is the first step. Be wary of undue notifications or fines, as well as indications that payment needs to be made urgently. If you go ahead, always check if the recipient’s information matches that of the service to be paid for; data from a natural person in a charge that would have been made by a company, for example, is a sign of trouble.
At the slightest sign of doubt, avoid making the payment or transfer, seeking assistance to confirm whether the charge is real. Always use official means to do this and immediately stop contact if you find any signs of fraud. If you have already passed information or made transfers, inform the bank or card issuer and keep an eye on statements and invoices to detect any suspicious transactions.
With information from Bleeping Computer.
