SBI warns customers about QR scans

The State Bank of India (SBI) has warned its customers about QR scans because of increasing incidents of cyber scams and online fraudsters. QR codes have become an increasingly popular modus operandi for scammers to cheat people.

“You don’t receive money when you scan a QR code. All you get is a message that your bank account is debited for an ‘X’ amount. Do not scan #QRCodes shared by anyone unless the objective is to pay. Stay alert,” SBI tweeted.

The bank has also shared a two and a half minute video explaining a situation on how scanning a QR code will actually result in debiting money from one’s bank account. The scam starts with someone putting an item on an online sale website. That’s when the fraudsters pose as buyers and share the QR code to pay an advance or token amount. They then create a QR code and share it with the intended victim through WhatsApp or email. They will ask the victim to scan the QR code sent by them so that they will receive the money directly into their bank accounts. As such, the victims scan the QR codes sent by the fraudsters presuming that they will receive the money in their account but they end up losing money.

The Army Criminal Investigation Command’s Major Cybercrime Unit, in an alert issued at last month, said users should be wary of cybercriminals who may try to use QR codes to steal users’ money. When smartphones scan a QR code, which is made up of black and white dots arranged in a square, the code will typically open up a browser or enable a payment to a business. There have been cases wherein criminals have tricked people through social engineering to trust their QR codes to make payments, only to find their bank accounts drained later.

To avoid such scams, the Army has warned users to not scan randomly found QR codes, QR codes that appear to be printed on a label on top of other codes or QR codes sent in emails. The Major Crime Unit also warned users to be particularly suspicious if after scanning a QR code, a password or credential box pops up.

Also Read: US considering waiver of intellectual property rights on COVID-19 vaccines

The alert acknowledged the fact that users can’t decipher where exactly a QR code will lead them, just as some users have trouble differentiating between malicious links from legitimate links in their email inbox. Law enforcement entities in the Netherlands and ING, a Dutch banking company, have previously warned against trusting random QR codes and spotting potential criminal schemes. However, prevalence of QR codes during the COVID-19 pandemic are raising concerns that fraudsters may be looking to take advantage of those trying to embrace touch-free technologies during the global health crisis.

Some governments around the world, as per CyberScoop, have introduced QR codes into contact tracing agendas, such as in western Australia, where some businesses have required to participate in contact registers, which can with activated with QR codes, for COVID-19 contact tracing.