QR code frauds have increased in India due to digital payments. Phishing URLs and malware-laden apps can be hidden in aesthetically similar QR codes, according to a report.
A recent analysis found over 20,000 QR code scams in India since 2017, as digital payments grow. Bengaluru had 20,662 QR code, malicious link, and debit/credit card fraud cases between 2017 and May 31, 2023, 41% of all cases.
Palo Alto Networks’ analysis underlines the difficulty of distinguishing authentic QR codes from fake ones due to their visual similarity. By replacing QR codes with their own, attackers can compromise a business’s website.
Unsuspecting people scan these altered codes and are routed to phishing URLs, where fraudsters can steal email or social media credentials. Users may be directed to a shady app store and download malware including viruses, spyware, trojans, and others. Data theft, privacy breaches, ransomware attacks, and crypto-mining can result.
Vicky Ray, Principal Researcher at Palo Alto Networks, noted the frequency of QR code-related scams in pubs, restaurants, lounges, stores, and clubs. Attackers secretly change QR codes, risking UPI payments and financial harm.
Digital payments are booming in India, as the United Payment Interface exceeded 10 billion monthly transactions in August with a value of Rs 15.18 trillion ($204.77 billion).
Cybercriminals also utilize “evil twin” or hotspot honeypots, according to the report. Threat actors create insecure Wi-Fi networks that offer free internet to QR code scanners. Hackers steal corporate, online banking, and credit card data by intercepting and eavesdropping on sent data.
To prevent these cyber traps, people should only use secure Wi-Fi networks as hybrid working grows worldwide. The research emphasizes the necessity for cybersecurity awareness and attention in a digital world.
QR code frauds have increased in India due to digital payments. Palo Alto Networks reported over 20,000 QR code, malicious link, and debit/credit card fraud cases since 2017, including 41% in Bengaluru. The paper notes that visually identical QR codes make it hard to tell fakes from real ones. By replacing QR codes with their own, attackers can compromise a business’s website. Unsuspecting people scan these altered codes and are routed to phishing URLs, where fraudsters can steal email or social media credentials. Users may also be directed to a shady app store where they download viruses, spyware, trojans, and other malware. Data theft, privacy breaches, ransomware, and crypto-mining can result. In August, India’s United Payment Interface (UPI) exceeded 10 billion monthly transactions, highlighting the growing importance of digital payments. Hackers deploy “evil twin” or hotspot honeypots to acquire personal or secret business information, online banking credentials, and credit card details, according to the research.