Be careful when using QR Code for payment

New trick

Cashless payment, mobile payment is becoming a popular trend in transactions today, especially inconvenience store, restaurants, traditional markets. When the buyer needs to pay, just scan the QR Code with the phone, enter the amount and click transfer without having to enter the long account number as before.

However, besides the convenience, this is also a loophole that bad guys can take advantage of to steal money from business owners in a sophisticated way. Recently, the owner of a grocery store in Hanoi reported that his QR Code was overwritten with another QR Code to steal money. Normally, when a customer purchases and pays, a money receipt message will immediately be sent to the phone. However, after the customer transferred the money but did not see the message, the owner of this store checked the transaction history and saw that the money had been transferred to an account under someone else's name, while the customer claimed to have scanned the QR code on the wall at the store. Carefully checking again, the store owner saw that another QR Code sticker was overwritten on the store's QR Code.

It can be seen that this is a new trick that bad guys use to steal money. Although Nghe An has not recorded any cases of QR Codes being overwritten, this is also a lesson for businesses to be vigilant. Because in reality, many stores, for the convenience of customers, have placed QR Codes outside the door, placed them on the drinking table (for restaurants), or even pasted them on the wall in front of the store, while the store owner often stands at the counter, in the kitchen serving food... Many times, customers who have finished scanning the QR Code often do not check, and when they see the customer showing the phone screen to notify that the money has been transferred successfully, they nod, without waiting to see if there is a message notifying that the money has been received.

When we informed her about the new trick of pasting QR Codes to steal money, Ms. Ho Thi Tuyet, the owner of a seafood business in Vinh city, was quite surprised. Ms. Tuyet said that she had been pasting QR Codes right outside her store for customers' convenience and did not pay attention to whether the QR Code was pasted over or not...

According to representatives of some banks in Vinh City, the QR Code scanning method has become popular. Because QR Codes are special characters, it is difficult to distinguish with the naked eye. If the business does not include the account holder's name, it is easy to be overwritten and confused. Because scanning QR Codes helps users to make transactions quickly, many times without paying attention, in just a split second they click to transfer money, making the procedures for complaints and money recovery more difficult. Not to mention, those who intentionally overwrite QR Codes often do not use their own accounts but use fake accounts of others. After the money is transferred to this fake account, the subjects will immediately transfer it to another account, or transfer it through many accounts to avoid being investigated by authorities.

Using fake documents to open a bank account

Recently, the Criminal Police Department, Nghe An Provincial Police has just arrested two subjects Nguyen The Tuan (born in 1989), residing in Hong Linh town (Ha Tinh) and Vo Trong Huy (born in 1988), residing in Duc Tho district (Ha Tinh) for the act of forging seals and documents of agencies and organizations; using fake seals or documents of agencies and organizations. Previously, on July 3, 2023, the Criminal Police Department, Nghe An Provincial Police received a report from a bank with a branch in Vinh city about a group of subjects using high technology to appropriate property with a huge amount of money. After a period of investigation, the Criminal Police Department arrested the subjects Nguyen The Tuan and Vo Trong Huy. Through an urgent search of the residence of the two subjects, the authorities seized many fake ID cards, bank cards, 4G sim cards, documents recording information of bank accounts and passwords, etc.

After collecting information from the subjects, the police determined that from May to July 2023, Tuan and Huy used fake ID cards to go to bank offices in Nghe An, Ha Tinh, Thanh Hoa provinces... to create fake bank accounts. After using fake ID cards to create fake bank accounts, the subjects sold information along with login passwords and OTP codes for Telegram accounts named "HN" for prices ranging from 1,000,000 - 1,500,000 VND. With the above methods and tricks, the two subjects Nguyen The Tuan and Vo Trong Huy sold many bank accounts and earned a huge amount of money. Notably, after buying fake accounts from Tuan and Huy, the subject with the Telegram account "HN" used hacking tricks to steal nearly 2 billion VND.

The fact that Nguyen The Tuan and Vo Trong Huy used fake ID cards to open bank accounts shows that this is a new method and trick of criminal activity. The subjects took advantage of loopholes in customer information security of banks, telecommunications services... to commit crimes. Therefore, in addition to the drastic participation of authorities, banks and telecommunications services need to strengthen customer information security. Strictly control the opening and registration of bank account services, the registration and activation of phone subscriptions.

To raise awareness among customers, some banks have recently posted warning notices about risks when customers share their digital banking service login information with third parties. Providing digital banking service information to third parties puts customers at risk of having their service information stolen and losing money in their accounts. Therefore, banks recommend that people do not share any transaction information (even sending money transfer bills to others) with any other individuals or organizations. This poses a risk of having their service information stolen and losing money in their accounts.

Some banks also widely inform about fraud tricks through digital transactions, especially QR Code scanning. Specifically, many bad guys have taken advantage of making friends through social networks, then sending a fake QR Code for users to scan. This QR Code leads to fake bank websites. Users are asked to enter their full name, ID card number, account, secret code or OTP, from which their accounts are hijacked, or all the money in the account is withdrawn...

It can be seen that cashless transactions are a completely suitable trend in today's era, however, with the increasingly sophisticated tricks of bad guys, people need to be vigilant, absolutely do not lend or post images of citizen identification cards, identity cards and personal documents on social networks, to avoid being exploited by bad guys to commit crimes. For businesses when using QR Codes, they also carefully check the transaction results, customers themselves also need to verify specifically and accurately before making transactions, to avoid falling into unnecessary legal disputes.