Alert! This is a Trick Often Used by Criminals to Cover Up Fake QRIS
JAKARTA - Nowadays, almost everyone has a smartphone that has a built-in QR scanner. Alternatively, anyone can download an app that reads all QR codes in app libraries such as the App Store and Play Store.
To scan a QR code, users simply open the scanner app and point their smartphone's camera at the code. Usually, the smartphone will ask you to open a certain website or download an application. However, there are other options that can be done with the QR code, such as:
- Adding contacts
- Make outgoing calls
- Draft an email and collect recipient and subject lines
- Send text
- Share your location with apps
- Create social media accounts
- Schedule calendar events
- Add preferred Wi-Fi networks with credentials for automatic connection.
Because it's very easy to manufacture, and humans can't just read QR codes, this gap is fertile ground for cybercriminals.
QR codes generated by cybercriminals might lead to phishing sites that look like social network or online bank login pages. Or, the perpetrator might trick the user into committing an error in the application download, for example, by downloading malware.
But, how do cybercriminals cover up the QR code? According to Kaspersky, the perpetrator usually has to persuade the victim to scan it first.
اقرأ أيضا:
Not only that, Kaspersky also looks at several tricks that cyber criminals use to carry out their actions, such as:
Dangerous source. Cybercriminals can place QR codes with links to their creations on websites, in banners, in emails, or even in advertisements in a piece of paper. The point is to get the victim to download a malicious application. In many cases, the Google Play and App Store logos are placed next to the code for added credibility.
Substitute. It's not uncommon for cybercriminals to ride on the reputation of legitimate parties, replacing real QR codes on posters or signs with fake ones.
Like the case that recently occurred, where a man pasted fake QRIS in charity boxes at several South Jakarta mosques. Here, the perpetrator replaced the QRIS sticker belonging to the Nurul Iman mosque with his own QRIS sticker.
It is for this reason that security experts at Kaspersky advise people to always check links before tapping or clicking.