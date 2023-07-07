Fraudsters have come up with a new scheme of deception. They began posting announcements in the entrances about changing the key with a QR code leading to a malicious site. Izvestia found out why such codes are dangerous and what to do if a person has already clicked on the link.

Dangerous Ads

Since the beginning of summer, more than 10 fraudulent sites have appeared on the Internet offering services for making keys for intercoms. , told at RTK-Solar. Links to them are usually placed on flyers that are glued in the entrances of high-rise buildings.

In order to force people to follow the QR code, scammers use various psychological tricks: for example, they say that the intercom will soon be replaced in the entrance. And you can quickly order new keys using the link provided.

The resource where the code leads is a simple input form where you need to specify the address and the number of required keys for 300 rubles each. After that, the person is given the card number where this money needs to be transferred (the tenant, of course, will not receive any keys) . So that people do not have suspicions, scammers indicate at the bottom of the page the details of a real company engaged in the maintenance of intercoms.

According to Sergei Trukhachev, deputy director of the Solar AURA External Digital Threat Monitoring Center at RTK-Solar, such announcements in entrances often “work”, because scammers definitely hit the target audience – people least of all expect a trick when they see messages “on behalf of the management company “.

In fact, having noticed such (and other similar) ads, it is important to be vigilant: do not follow dubious links and, moreover, do not leave your data there or pay for something. It is better to first check its authenticity by calling the Criminal Code.

Payout scam

Today, scammers often use QR codes in their schemes. Even at the beginning of the year, advertisements began to appear in public places (at bus stops, walls of houses, parking lots, in elevators) all over the country offering to get a “free consultation on a guaranteed social payment”.

When a person scanned a QR code on paper, he got into a chat bot in a messenger that imitates the work of the official service of the department. There, the “consultant” confirmed that the Russian was entitled to a payment – as a student, a young parent, a novice entrepreneur or a pensioner.

,Immediately after that, the person was given a questionnaire, where he was asked to enter personal data – passport, SNILS numbers, card payment data and security codes. If the user believed the “consultant” and filled out the document, the criminals got access to his accounts or account on “Gosuslugi”. In the first case, they simply withdrew money, and in the second, they could take loans or credits as a sacrifice, steal pension savings, or even register a legal entity for a Russian for subsequent fraud.

According to the coordinator of the Moshelovka platform, Evgenia Lazareva, it is practically impossible to assess the degree of damage from such a scheme: it all depends on how compromised the victim was and how much was in her accounts.

“In some cases, fraudsters even managed to steal millions of credit money using unprotected access to a person’s account on the Gosuslugi portal,” the expert notes.

How does it work QR-code

A QR code is a type of barcode that has advanced features and stores a lot more data. The very name of the tool suggests that it helps to quickly move to another resource (QR – from the English. Quick Response, “quick response” or “quick response”), explains “Izvestia” Maria Fesenko, Information Security Specialist at Security Code.

The QR-code drawing contains an encrypted sequence of binary code, while each cell of the matrix stores its own information, which is grouped into larger cells – this allows you to increase the amount of encoded data. To read a QR code, you need specialized software that scans the code in the form of a grid and extracts data from the patterns in the matrix. Marks in the form of squares in the corners also help to read the code – they indicate the direction of reading.

– There are many different types of QR codes, which differ from each other in the amount of data, as well as the degree of reading with a certain amount of code damage. For example, users will be able to read the IQR code even if about half is damaged, although standard QR codes allow no more than 30% unreadable area Fesenko says.

The world’s first codes appeared in the early 1990s and were intended for business – they were used, for example, in the automotive industry in Japan (where they were developed by Denso, a subsidiary of Toyota). Later they began to be used in other countries and industries: for example, to connect to the wireless Internet.

QR codes came to “civil” society en masse during the pandemic — their use has grown by an average of 700%. Today, codes have firmly entered our lives: they are used for various types of online payments, the use of city services, such as scooters, and also in many other areas.

Schemes with codes

With the spread of QR codes, scammers also began to use them. According to Maria Fesenko, the first such schemes “Security Code” observed three years ago: as now, the codes acted as a link in the chain and led to a phishing web page imitating a real resource of a company.

“This phishing page could contain malware that downloads automatically, or it requires you to enter some confidential data, such as banking,” says an information security expert.

According to her, in addition to the “social benefits” story, a scheme with fake vaccination certificates for a nominal fee has recently been popular. Naturally, the user did not receive anything, and sometimes lost money, because he drove in his data to pay for the “certificate”.

— There were also widespread schemes with the substitution of QR codes on electric scooters (links led to phishing resources) and tip codes on cafe tables — as a result, people transferred money not to waiters, but to scammers – says Maria Fesenko.

However, the expert adds A QR code can be not only part of a chain – sometimes it acts as a button that performs a certain command, for example, secretly add a certain contact to the phone book, record geolocation, add a Wi-Fi address, and so on.

Find differences

The main difficulty with the transition along the “cuars” is that visually fraudulent codes are no different from legitimate ones, Fesenko notes. However, if the code is in the form of a sticker, you can try to pry it off with your fingernail – if there is another one below, you definitely shouldn’t go. In the case of a code on a rental vehicle, the appearance may alert: if, for example, the scooter is old and the sticker is new.

– Safe navigation through the QR code can mainly be provided by the official application. For example, banking software or sharing services will only be able to read their own codes, and if the application gives an error, it means that the code has been changed, ”Izvestia’s interlocutor explains. “You can also save yourself by scanning QR codes only from trusted resources, such as official websites and applications, in a cafe or a museum, and not from asphalt or the facade of a building.

Nadezhda Gulyaeva, Senior Lecturer at the Faculty of Information Technology at Synergy University, advises never click on QR codes at payment points – near ATMs, shops, ticket offices – if they offer alternative payment or purchase methods, attracting discounts or bonuses.

– In this case, the probability that the QR code was placed by fraudsters is almost one hundred percent. This category also includes all links with a limited validity period: here the expectation is that you simply will not have time to check, and you really don’t want to miss out on a profitable offer. Remember that the miser pays twice, says Gulyaeva.

Transition rules

If the user has already followed the code, it is important to pay attention to the web page itself: is it real or phishing, Izvestia experts say. Most often, scammers disguise their resources as websites of real organizations, but they cannot create a page with the exact same name – therefore, you first need to look at the address bar.

– There may be differences from the original name, for example, “c” together with “k”, extra characters, letters mixed up in places. And on the site itself, the main “bell” is the persistent offer of the portal to enter personal, especially financial data, explains Maria Fesenko.

If a person ends up on a suspicious resource, it is necessary to leave it as soon as possible, and then check the phone with an antivirus that catches most known cyber threats. It is also advisable to change all passwords in accounts.

Clicking on a QR code to a page with malware carries many risks: from losing personal information to stealing money from accounts, reminds Nadezhda Gulyaeva. Therefore, it is better not to do this without making sure that the code is safe.