Be careful when using QR Code for payment

New tricks

Cashless payment and mobile payment are becoming a popular trend in today's transactions, especially atconvenience store, restaurants, traditional markets. When the buyer needs to pay, just scan the QR Code with the phone, enter the amount, and click transfer without having to enter the long account number as before.

However, besides the convenience, this is also a loophole that bad guys can take advantage of to steal money from business owners in a sophisticated way. Recently, the owner of a grocery store in Hanoi reported that his QR Code was pasted over with another QR Code to steal money. Normally, when a customer buys and pays, a money receipt message will immediately be sent to the phone. However, after the customer transferred the money but did not see the message, the owner of this store checked the transaction history and saw that the money had been transferred to an account under another person's name, while the customer claimed to have scanned the QR code on the wall at the store. Carefully checking again, the store owner saw that there was another QR Code sticker pasted over the store's QR Code.

It can be seen that this is a new trick that bad guys use to steal money. Although Nghe An has not recorded any cases of QR Code being pasted over, this is also a lesson of vigilance for businesses. Because in reality, many stores, for the convenience of customers, have placed QR Codes outside the door, placed them on the table (for restaurants), or even stuck them on the wall in front of the store, while the store owner often stands at the counter, in the kitchen serving food... Many times, customers who have finished scanning the QR Code often do not check, and when they see the customer showing the phone screen to notify that the money has been transferred successfully, they nod, without waiting to see if there is a message notifying them of receiving the money or not.

When we informed her about the new trick of pasting QR Codes to steal money, Ms. Ho Thi Tuyet, the owner of a seafood business in Vinh city, was quite surprised. Ms. Tuyet said that she had been pasting QR Codes right outside her store for customers' convenience for a long time, but she did not pay attention to whether the QR Code was being pasted over or not...

According to representatives of some banks in Vinh City, the QR Code scanning method has become popular. Because QR Codes are special characters, it is difficult to distinguish with the naked eye. If the business does not include the account holder's name, it is easy to overwrite and confuse. Because scanning QR Codes helps users to make transactions quickly, many times without paying attention, in just a split second they click to transfer money, making the procedures for complaints and money recovery more difficult. Not to mention, those who intentionally overwrite QR Codes often do not use their own accounts but use fake accounts of others. After the money is transferred to this fake account, the subjects will immediately transfer it to another account, or transfer it through many accounts to avoid being investigated by the authorities.

Using fake documents to open a bank account

Recently, the Criminal Police Department, Nghe An Provincial Police has just arrested two subjects Nguyen The Tuan (born in 1989), residing in Hong Linh town (Ha Tinh) and Vo Trong Huy (born in 1988), residing in Duc Tho district (Ha Tinh) for the act of forging seals and documents of agencies and organizations; using fake seals or documents of agencies and organizations. Previously, on July 3, 2023, the Criminal Police Department, Nghe An Provincial Police received a report from a bank with a branch in Vinh city about a group of subjects using high technology to appropriate property with a huge amount of money. After a period of investigation, the Criminal Police Department arrested the subjects Nguyen The Tuan and Vo Trong Huy. Through an emergency search of the residence of the two subjects, the authorities seized many fake ID cards, bank cards, 4G sim cards, documents recording information of bank accounts and passwords...

After collecting information from the subjects, the police determined that from May to July 2023, Tuan and Huy used fake ID cards to go to bank offices in Nghe An, Ha Tinh, Thanh Hoa provinces... to create fake bank accounts. After using fake ID cards to create fake bank accounts, the subjects sold information along with login passwords and OTP codes for Telegram accounts named "HN" for prices ranging from 1,000,000 to 1,500,000 VND. With the above methods and tricks, the two subjects Nguyen The Tuan and Vo Trong Huy sold many bank accounts and earned a huge amount of money. Notably, after buying fake accounts from Tuan and Huy, the subject with the Telegram account "HN" used tricks to hack into bank accounts to appropriate nearly 2 billion VND.

The fact that Nguyen The Tuan and Vo Trong Huy used fake ID cards to open bank accounts has shown that this is a new method and trick of criminal activity. The subjects have taken advantage of loopholes in the customer information security of banks, telecommunication services... to commit crimes. Therefore, in addition to the drastic participation of the authorities, banks and telecommunication services need to strengthen the security of customer information. Strictly control the opening and registration of bank account services, the registration and activation of phone subscriptions.

To raise awareness among customers, recently, some banks have posted warning notices about risks when customers share their digital banking service login information with third parties. Providing digital banking service information to third parties will put customers at risk of having their service information stolen and losing money in their accounts. Therefore, banks recommend that people do not share any transaction information (even sending money transfer bills to others) with any other individuals or organizations. This poses a risk of having their service information stolen and losing money in their accounts.

Some banks also widely inform about fraud tricks through digital transactions, especially QR Code scanning. Specifically, many bad guys have taken advantage of making friends through social networks, then sending a fake QR Code for users to scan. This QR Code leads to fake bank websites. Users are asked to enter their full name, ID card number, account, secret code or OTP, from which their accounts are taken over, or all the money in their accounts is withdrawn...

It can be seen that cashless transactions are a completely suitable trend in today's era, however, in the face of increasingly sophisticated tricks of bad guys, people need to be vigilant, absolutely do not lend or post images of citizen identification cards, identity cards and personal documents on social networks, to avoid bad guys taking advantage of personal information to commit crimes. For businesses when using QR Codes, they also carefully check the transaction results, customers themselves also need to verify specifically and accurately before making transactions, to avoid falling into unnecessary legal disputes....