Exercise caution when using QR codes for payment.
(Baonghean.vn) - Taking advantage of cashless transactions, many unscrupulous individuals have used various tricks to defraud and steal money from people's bank accounts.
New tactic
Cashless payments and mobile payments are becoming a popular trend in transactions today, especially in stores.convenience storeRestaurants, local markets. When customers need to pay, they simply scan the QR code with their phone, enter the amount, and click "transfer money" without having to enter lengthy account numbers as before.
However, alongside its convenience, this is also a loophole that malicious individuals can exploit to cleverly steal money from business owners. Recently, the owner of a convenience store in Hanoi reported that their QR code had been covered up with another QR code to steal money. Normally, when a customer makes a purchase and pays, a confirmation message is immediately sent to their phone. However, after the customer transferred the money but did not receive a confirmation message, the owner checked the transaction history and found that the money had been transferred to an account under someone else's name, even though the customer claimed to have scanned a QR code posted on the store's wall. Upon careful re-examination, the store owner found another QR code sticker covering the store's QR code.

This appears to be a new tactic used by criminals to steal money. Although no cases of QR codes being tampered with have been recorded in Nghe An, this serves as a cautionary tale for businesses. In reality, many shops, for customer convenience, place QR codes outside the door, on tables (for restaurants), or even on the walls in front of the shop, while the owner is usually behind the counter or in the kitchen serving food. Often, customers scan the QR code without checking, simply nodding in agreement when the customer shows a notification that the money has been successfully transferred, without waiting for a confirmation message.
When we informed her about a new scam involving overwriting QR codes to steal money, Ms. Ho Thi Tuyet, the owner of a seafood business in Vinh City, was quite surprised. Ms. Tuyet said that she had always displayed QR codes outside her store for customers' convenience and hadn't paid attention to whether someone else had covered them up.
According to representatives from several banks in Vinh City, QR code scanning has become increasingly popular. Because QR codes are special characters that are difficult to distinguish with the naked eye, if businesses don't include the account holder's name, it's easy for them to be covered up and mistaken for something else. Since scanning QR codes allows for quick transactions, people often don't pay attention and transfer money in a split second, making it more difficult to file complaints or recover funds. Furthermore, those who intentionally cover up QR codes often don't use their own accounts but instead use fake accounts impersonating others. After transferring money to these fake accounts, they immediately transfer it to another account, or transfer it through multiple accounts to avoid detection by authorities.

Using forged documents to open a bank account.
Recently, the Criminal Police Department of Nghe An Provincial Police arrested two individuals, Nguyen The Tuan (born in 1989), residing in Hong Linh town (Ha Tinh province), and Vo Trong Huy (born in 1988), residing in Duc Tho district (Ha Tinh province), for the crimes of forging seals and documents of agencies and organizations; and using forged seals or documents of agencies and organizations. Previously, on July 3, 2023, the Criminal Police Department of Nghe An Provincial Police received a report from a bank branch in Vinh City regarding a group of individuals using high-tech methods to steal a large sum of money. After an investigation, the Criminal Police Department arrested Nguyen The Tuan and Vo Trong Huy. During an urgent search of their residences, authorities seized numerous fake identity cards, bank cards, 4G SIM cards, documents containing bank account information and passwords, etc.
After gathering information from the suspects, the police determined that from May to July 2023, Tuan and Huy used fake identity cards to create fraudulent bank accounts at bank branches in Nghe An, Ha Tinh, Thanh Hoa provinces, and other locations. After creating these accounts using the fake identity cards, they sold the login information, passwords, and OTP codes to a Telegram account named "HN" for 1,000,000 to 1,500,000 VND. Using this method, Nguyen The Tuan and Vo Trong Huy sold numerous bank accounts and profited handsomely. Notably, after purchasing a fraudulent account from Tuan and Huy, the individual with the Telegram account "HN" hacked into the bank account and stole nearly 2 billion VND.

The use of forged identity cards by Nguyen The Tuan and Vo Trong Huy to open bank accounts demonstrates a new method and tactic in criminal activity. These individuals exploited loopholes in the customer information security practices of banks and telecommunications services to commit crimes. Therefore, in addition to decisive action from authorities, banks and telecommunications services need to strengthen customer information security measures. They should strictly control the opening and registration of bank accounts and the registration and activation of telephone subscriptions.
To raise customer awareness, several banks recently posted warnings about the risks of sharing digital banking login information with third parties. Specifically, providing digital banking information to third parties puts customers at risk of having their information compromised and losing money from their accounts. Therefore, banks advise people not to share any transaction information (even sending money transfer bills) with any individual or organization. This poses a risk of information theft and loss of funds from your account.
Some banks have also widely publicized information about scams conducted through digital transactions, especially QR code scanning. Specifically, many malicious individuals have exploited social media friendships, then sent a fake QR code for users to scan. This QR code leads to fake bank websites. Users are then asked to enter their full name, ID number, account details, security code, or OTP, resulting in account hijacking or complete withdrawal of funds from their accounts.
It is clear that cashless transactions are a perfectly suitable trend in today's era. However, given the increasingly sophisticated tactics of malicious individuals, people need to be vigilant and absolutely refrain from lending or posting images of their citizen identification cards, identity cards, and other personal documents on social media to avoid having their personal information exploited by criminals. Businesses using QR codes should carefully check the transaction results, and customers themselves need to verify the details accurately before making a transaction to avoid unnecessary legal disputes.


