A software engineer wanted to sell his washing machine. He placed an advertisement on an e-commerce website and was approached by an interested buyer who offered to buy it for INR 16,000.
The buyer who had called the software engineer told him that he would transfer the money online. This buyer sent an engineer a QR code on WhatsApp which he asked him to scan for the money transfer to go through. When the engineer who wanted to sell his washing machine scanned the QR code, his account was debited by INR 32,000. The so-called buyer’s phone was switched off leaving the software engineer with no other recourse other than contacting the police.
This is not just a cautionary story, this incident really happened in Thiruvanmiyur, Chennai, this year. QR code scams have become a regular occurrence over the last few years but even more so in 2020 with the COVID-19 pandemic forcing buyers and sellers to transact online. While online payment solutions are convenient and ensure people don’t have to interact closely with each other, they have also led to a big rise in QR code scams.
These scams usually occur when uninformed users scan a QR code with the expectation that they will receive money. That is never the case. The one thing to remember when paying money online is that you scan a QR code to pay money to someone, never to receive it. If someone claims to send you money by asking you to scan a QR code, stop all contact with the person immediately and block them. If needed, report them to the nearest local authority!
There are other forms of QR scams as well and mostly all of them use some sort of social engineering. If you consider the mechanics of how QR codes work, they are mainly a way to direct your phone to a link. Since QR codes are mainly used in public spaces, it is very easy for individuals with malicious intent to replace legitimate QR codes with illegitimate ones as very few people will be able to tell the difference.
An example of the above scam was reported in China in 2017 but it could easily happen anywhere in the world, more so in these times when we are increasingly using QR codes to make payments. What happened in China was that criminals replaced QR codes on shared bikes. Normally, users have to scan these QR codes and make a deposit to unlock these bikes. When they scanned the malicious QR codes, their money was transferred to the criminal’s accounts.
Staying safe from becoming a victim of these scams is all about vigilance. In particular, keep the following tips in mind:
1.Scan a QR code only if you’re absolutely sure that it is legitimate. Do not scan random QR codes in public if you’re not sure who put them up.
2.Use a QR code scanner that tells you the URL of the link you are being directed to. If the link looks legitimate, only then proceed.
3.Always remember that you don’t need to scan a QR code to receive money. Spread this information among others, especially among first-time e-commerce users who are still getting used to the process.
4.Go by your instinct. If it is telling you that there is something wrong with the QR code or the link it has directed you to, even if it looks official, trust your instinct.
5.Use a strong mobile security solution to protect you from QR code scams. If you’re an Android user, consider Quick Heal Total Security which continuously monitors activity and will alert you if you unsuspectingly land on a compromised website.