QR codes are being misused by scammers to steal people’s money. A Singaporean woman lost $20,000 after using a QR code on a bubble tea shop door to fill out a survey that promised her a free drink. However, she downloaded a third-party app onto her phone which then siphoned the money out of her bank account.
The malware app asked for permissions that included access to the phone’s microphone and camera, which let the scammer monitor the victim’s banking app and note down login details. As the victim was asleep, the scammer was able to take control of her account without her knowing.
QR codes are also being used in the US and UK to scam drivers with fake parking tickets. A Reddit user found a parking ticket on their car’s windshield in San Francisco that claimed to be issued by the city government.
The QR code on the ticket links to a fake website that looks like the real San Francisco Municipal Transportation Agency website and uses Square’s web payments form to process fraudulent transactions. Customers should always verify parking tickets or legal correspondence on official government websites.
The Singpass digital identity system, which uses QR codes, has also been misused by fraudsters who ask victims to complete fake surveys and then scan a QR code via the official Singpass app as part of a “verification process” to redeem monetary rewards.
Scammers use a screenshot taken from a legitimate website to dupe victims into providing access to certain online services without further checks.
QR codes are popularly used by legitimate organizations for advertising, loyalty, and rewards programs and for enforcing parking fees and fines. Scammers have been quick to abuse the technology for their nefarious purposes. Consumers should be cautious and check the source of the QR code before scanning it.
