How hackers can rob you just by reading a QR

For some time now, QR codes have become an excellent method to display updated and/or real-time information by opening a web address after scanning it with your mobile. As the coronavirus pandemic reduced its incidence, businesses were forced to use this system to, for example, see the menu in bars and restaurants, access updated information at the time of a business or government institution, buy tickets for a concert or event, make an appointment online among other uses.

How hackers can rob you just by reading a QR

But, as the friends of the alien have seen how this type of code has become commonplace, they have not been slow to take advantage of it. A few days ago, news related to an alleged scam was discovered in the Carabanchel neighborhood of Madrid through QR codes. Several vehicles from this Madrid neighborhood woke up with a fine on the windshield of their vehicle, a fine that included a QR code. Scanning this code would open the Madrid City Council website, specifically in the section that allows users to pay fines electronically . In the end, everything came to nothing since the website that was shown was really that of the Madrid City Council and not a similar one whose intention is to appropriate the offenders’ credit card numbers.

Beware of scanning any QR code

Anyone from the Internet can generate a QR code that refers to a web page, since it is not necessary to use any specific and very specific application that is available to very few.

Since it is so easy to generate this type of code, any person with lucrative purposes and the appropriate knowledge can not only generate websites where they can make payments of all kinds (fines, taxes and others), but can also include codes on the website. linked that download malicious software to our device whose purpose is to steal our personal data, including bank data that we have stored on our smartphone.

They can even block our mobile phone in exchange for a ransom, as is the case with ransomware attacks, attacks that filter all the files on a PC in exchange for a ransom that allows them to obtain the decryption key.

How to avoid problems

Most of the QR codes that invite us to make a payment via telematics are the most dangerous , since, as we have mentioned above, it is very easy to impersonate any web page and pass it off as the original (phishing) inviting the user to Enter credit card details. If it is a code that is found on a promotional poster for an event and that invites us to scan the QR code to buy tickets, we must make sure that the code is not stuck in the wrong way on the poster, since it is a clear indication that something is not right.

If we want to make a payment electronically in an official body, it must show the payment reference data, whether it is a fine or a tax. If not, it is clearly a website that is impersonating the identity or the organization’s management leaves much to be desired. If I have any kind of doubt, the best thing we can do is use a web browser on a PC since these do inform us if it is a website that is supplanting another, a functionality that works on mobile devices.