Beware Of Fake QR Codes, Here's How Not To Become A Victim

Fake QR Code Alert (photo: Kaspersky)

JAKARTA - QR codes are usually used for various purposes, ranging from filling out surveys, downloading useful things, visiting interested websites, and also paying for something.

However, Kaspersky said that the comfort actually still hides significant vulnerabilities. Compared to regular links that can be seen as writing errors for fake sites, with QR codes, no one can guess where it will take you.

Kaspersky found an interesting example, where a woman who lost up to 20,000 US dollars (Rp306 million) for scanning a QR code while buying a bubble tea.

At that time, a 60-year-old Singaporean wanted to get a free bubble tea. Before that, he had to scan the QR code installed on the shop's door.

Instead of filling in the survey, the sticker instead contains a link to download third-party Android applications, which according to him can be used to follow surveys. However, in fact it is a dangerous application.

Once installed, the program asks for access to the camera and microphone, and to enable Android accessibility services. This built-in Android service allows cybercriminals to view and control the victim's screen, as well as disable facial recognition and fingerprints.

In this way, attackers can force victims to manually type their banking app passwords, if needed. Fraudsters only need to wait for victims to log in, intercept their credentials, and then use them to transfer all the money to their accounts.

How not to become a victim of the misuse of fake QR codes

Kaspersky recommends users pay attention to the following: