In a landmark achievement, the United Payment Interface (UPI) registers an astounding 10 billion monthly transactions worth INR 15.18 trillion ($204.77 billion) in August, showcasing the rapid adoption of digital payments in India. However, the surge in UPI transactions comes hand in hand with a worrisome rise in QR code scams across the nation.
Bengaluru, renowned for its tech industry, has witnessed a significant spike in cybercrime cases, with more than 50,027 cases reported between 2017 and May 31, 2023. An alarming 41 percent of these cases (20,662) were related to QR codes, malicious links, or debit/credit card fraud, as per Bengaluru city police data.
According to media reports, the Economic Offences Wing (EOW) of the Odisha Police detected a case of huge cyber financial fraud in which more than Rs 14 crore has been siphoned off by manipulating QR codes of a Fintech company.
Today, Palo Alto Networks, a global cybersecurity leader, issued a crucial advisory urging vigilance against evolving Threats, Tactics, and Procedures (TTPs). Cybercriminals exploit the visual similarity of QR codes to deceive individuals and compromise business websites, redirecting victims to phishing URLs or encouraging downloads of malicious applications. These nefarious apps often harbor viruses, spyware, trojans, and other types of malware, enabling a range of cyber threats, including data theft, privacy breaches, ransomware attacks, and even crypto-mining.
Among the prevalent tactics employed by cybercriminals is the deployment of “evil twin” or hotspot honeypots. In this scheme, hackers set up insecure Wi-Fi networks, enticing users with free internet access upon scanning a QR code. Once connected, threat actors intercept and eavesdrop on transmitted data, pilfering personal or confidential business information, online banking credentials, and credit card details.
Online marketplaces have also become fertile ground for scammers. Impersonating interested buyers, fraudsters lure victims into scanning QR codes with promises of payments. Subsequently, the victim’s bank account is compromised.
To combat these escalating threats, Palo Alto Networks urges netizens to follow these guidelines:
Think Before You Scan: Exercise caution and scrutinize the intended website of a QR code before scanning.
Preview the Website: Utilize secure QR code scanning apps with website previews to verify legitimacy.
Download Apps from Trusted Sources: Obtain mobile apps exclusively from reputable sources such as Apple’s App Store or Google Play Store.
Keep Devices Updated: Regularly update all smart devices to the latest security patches and software updates.
Stay Aware and Alert: Maintain vigilance and an alert attitude towards QR codes and potential security threats.
Vicky Ray, Principal Researcher at Palo Alto Networks, warned, “With QR codes now deeply integrated into our daily lives, related scams have surged in prominence. Cybercriminals exploit this by surreptitiously replacing QR codes in various establishments, leading to unauthorized UPI payments and potential financial harm. Incidents of scanner replacement fraud are on the rise, and the threat may escalate in the future.”
