Users do not yet realize the dangers and treat QR codes lightly
The press service of the Bank of Russia warned of the emergence of a new fraud scheme that allows attackers to gain access to money without the victim’s bank card details. To steal money, criminals use the QR code cash withdrawal service, which has become available in some banks.
Attackers use the client’s ability to independently generate a QR code for the required amount in the bank’s mobile application. Then all that remains is to bring it to the scanner at an ATM and withdraw cash.
Fraudsters now do without bank card data: a QR code is enough
The scheme looks like this: fraudsters call bank customers under the guise of bank employees, report an allegedly unauthorized request to withdraw money from the account and ask to send a QR code to cancel the operation.
As explained in the Central Bank, scammers rely on the fact that the potential victim is not aware of the features of the code and is frivolous about the image with black and white squares, so he can easily share it.
The Central Bank emphasizes:
In this case, the QR code is actually an instruction to the bank to issue money without entering a PIN code. Therefore, they should never be shared with anyone. Also, do not store its image on your phone or in printed form. Real bank employees never ask customers for a QR code – do not forget to tell your loved ones about it, especially older ones.