QR Code Scams Surge in India; Palo Alto Networks Urges Caution
By MYBRANDBOOK
The United Payment Interface (UPI) surpassed 10 billion monthly transactions in August with a transaction value of INR15.18tn ($204.77bn). While Indian netizens have quickly adopted digital payments, a surge in QR code scams is plaguing the country. Per Bengaluru city police data, more than 50,027 cybercrime cases were registered in Bengaluru between 2017 and May 31, 2023. 41% of them (20,662 cases) were related to QR codes, malicious links, or debit/credit card fraud.
Amidst this slew of financial frauds, Palo Alto Networks today issued an advisory to be vigilant against these TTPs (threats, tactics, and procedures). Given the visual similarity of most QR codes and the difficulty in discerning differences, attackers can compromise a business' website by substituting the genuine QR code with their own. When individuals scan this altered code, it can automatically redirect them to a phishing URL, where cybercriminals can request user credentials and gain access to email or social media accounts, among other things. Alternatively, it could lead users to an untrustworthy app store, urging them to download a malicious application. Such apps typically contain viruses, spyware, trojans, or other types of malware, enabling data theft, privacy breaches, ransomware attacks, and in some instances, even crypto-mining.
Another prevalent TTP among cybercriminals is the use of "evil twin" or hotspot honeypots. In this scenario, threat actors establish an insecure Wi-Fi network, enticing users with free internet access upon scanning their QR code. Once connected, hackers intercept and eavesdrop on the data being transmitted, pilfering personal or confidential business information, online banking credentials, and credit card details. Given the global adoption of hybrid working, individuals must exercise caution and connect only to secure Wi-Fi networks to avoid falling into these cyber-traps.
Online marketplaces, too, are fertile grounds for scammers to perpetrate such fraudulent schemes. For instance, when individuals post classified ads, scammers often masquerade as interested buyers. After initial negotiations with the buyer, the fraudster provides the victim with a QR code, instructing them to scan it to claim their payment. After which, the victim’s bank account is compromised.
Palo Alto Networks advises netizens to adhere to the following:
1. Think Before You Scan: Resist the urge to scan any QR code without knowing its destination. Prioritise caution and scrutinise the QR code's intended website and domain for legitimacy.
2. Preview the website: Utilise secure QR code scanning apps that offer website previews before visiting. In web browsers, disable automatic redirects to scrutinise the URL domain for trustworthiness.
3. Download Apps from Trusted Sources: Only download mobile apps from reputable sources like Apple's App Store or Google Play Store.
4. Keep Devices Updated: Regularly update all your smart devices with the latest security patches and software updates.
5. Stay Aware and Alert: Maintain a vigilant and alert attitude towards QR codes and potential security threats.
“With QR codes now deeply integrated into our daily lives, related scams have surged in prominence. Cybercriminals exploit this by surreptitiously replacing QR codes in establishments such as bars, restaurants, lounges, shops, and clubs. This can result in unauthorised UPI payments and potential financial harm. Incidents of scanner replacement fraud are on the rise, and the threat may escalate in the future,” said Vicky Ray, Principal Researcher – Unit 42 at Palo Alto Networks.
“Vigilance is paramount for both individuals and merchants. Regularly inspecting their QR code scanners and implementing essential precautions is crucial to thwarting these fraudulent activities,” Vicky added.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : ASHISH KUMAR CHAUHAN
Ashish kumar Chauhan, an Indian business executive and administrator, ...
Icons Of India : Dr. Arvind Gupta
Arvind Gupta is the Head and Co-Founder of the Digital India Foundatio...
Icons Of India : Bhavish Aggarwal
Indian entrepreneur Bhavish Aggarwal is the CEO of Ola, India’s larg...
LIC - Life Insurance Corporation of India
LIC is the largest state-owned life insurance company in India...
IREDA - Indian Renewable Energy Development Agency Limited
IREDA is a specialized financial institution in India that facilitates...
NPCI - National Payments Corporation of India
NPCI is an umbrella organization for operating retail payments and set...
Indian Tech Talent Excelling The Tech World - Vinod Dham, Founder & Executive Managing Partner, IndoUS Venture Partners
Vinod Dham, known as the “Father of the Pentium Chip,” has left an...
Indian Tech Talent Excelling The Tech World - Lal Karsanbhai, President & CEO, Emerson
Lal Karsanbhai, President and CEO of Emerson, assumed the leadership i...
Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable
Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...