In early March, Google said it expected to end support for two-factor authentication using SMS messages on Gmail.
Gmail spokesperson Ross Richendrfer said the goal of the change is to "reduc the impact of SMS abuse globally".
Instead of entering a phone number to receive a authentication code via text message, users will scan the QR code provided by Google.
However, scanning QR codes also raises many security concerns. In fact, there have been many acts of taking advantage of this method to commit fraud.
According to Lao Dong reporter's research, some forms of fraud using QR codes are popular:
1. Fraudulent appropriation of property
The scammer took advantage of the loophole by printing a QR code with the bank account of this scammer, then pasting it onto the QR code of a store, restaurant or other payment point.
When people scan the code and transfer money, the money is not sent to the right store, restaurant and payment points but is sent to the accounts of the scammers.
2. Fraudulent information stealing
The trick that the subjects often do is that after making friends on social networks to talk to the victim, they will send a QR code for the user to scan.
This code leads to fake bank websites, which require users to enter information such as full name, citizen identification number, account number, etc. From there, users have their accounts taken over or have their information taken over.
3. Fraud leads to links and websites containing malware
Recently, there has been a situation where malware QR codes are easily disseminated in articles and images through messaging applications, forums, groups on social networks, and livestream screens. When users scan the code, it will be redirected to gambling and prostitution advertising pages with malware that can be installed on the phone.
Recently, Ho Chi Minh City Police issued a warning about some subjects hanging plastic cards with kilos worth VND 30,000, VND 50,000, VND 100,000 on motorbikes or in front of people's houses.
The card shows the steps to scan the QR code to receive money or contact the customer service department.
According to Ho Chi Minh City Police, when people scan QR codes, their phones can be hacked, their controls taken over and scammers can easily take money from their bank accounts.
In fact, QR codes are not necessarily direct attack malware but only an intermediary to convey content. Therefore, whether the user is attacked or not depends on how the content is handled after scanning the QR code.
Therefore, the authorities recommend that people be cautious before scanning QR codes, especially be vigilant with QR codes shared in public places or sent via social networks, emails, absolutely do not provide personal information such as bank logins, social network accounts.
Be vigilant against requests to scan QR codes or access strange links, identify and carefully check the account information of the QR code exchanges to carefully consider the content of the website that the QR code provides.
Not providing OTP/Smart OTP authentication code to anyone, including bank employees.
Immediately change the account password that suddenly leaked or has a warning that you are logged in on another device.
