In the digital age, QR codes have become a popular tool, serving many areas of social life.
Taking advantage of this, bad guys use the form of online fraud "Quishing" and this is becoming a dangerous "underground wave" in cyberspace.
"Quishing" (a combination of "QR code" and "phishing") is a form of fraud that uses malicious QR codes to lure victims to fake websites, install malware or make unwanted transactions.
Instead of suspicious links in emails or messages, scammers cleverly take advantage of QR code images, a tool that many people trust and use every day.
On his personal Facebook page, Mr. Nguyen Van Minh (character's name has been changed) recounted the story of being almost scammed by a person impersonating a police officer. They requested to access a website to get the order to work district.
The subjects informed that after successful registration, the state portal will send a notice to the bank to get the serial number.
Next, they asked him to download the QR code photo to his phone. In fact, this QR code is related to a bank transaction, scanning it means all the money in the account will be transferred away. The subjects repeatedly urged: "Click on, don't move the documents".
"When I translated the content, I discovered that it was a money transfer order, so I immediately turned off the phone and blocked their numbers" - Mr. Minh shared.
In early May 2025, Hanoi City Police issued a warning about Quishing scams, clearly stating popular "Quishing" tricks such as: Forged QR Codes in public places: stamping or replacing payment QR codes, information at restaurants, bus stations... with QR codes of subjects to appropriate money when users pay.
QR codes in email and fraudulent messages: Forgery of reputable organizations sending notices with QR codes leading to websites stealing login information or requests for money transfers.
Print QR codes of subjects on fake goods, virtual lottery tickets, and fraudulent documents to lure users to access dangerous websites or provide personal information.
Or the subjects can interfere in the scanning process, redirecting users to a data collection website before going to the real page.
"Quishing's" victims may face many serious consequences. The victim may have his personal information stolen, his name, address, phone number, email, social media account leaked, bank information, credit card stolen and illegal transactions made...
To contribute to preventing, preventing, and effectively combating this type of crime, the Department of Cyber Security and High-Tech Crime Prevention of Hanoi City Police recommends that people should check carefully before scanning the code as always verifying the origin and validity of the QR code, especially for strange codes or overlapping them.
At the payment point, it is necessary to check to ensure that the QR code is not interfered with. Avoid scanning QR codes with attractive promotions. Make sure the web address starts with "https://" and the organization's domain name is correct. Consider using an application with a malware link warning function.
Update security software with the requirement to ensure the device is protected by the latest virus terminal software.
Limit sharing personal information by being cautious when providing information after scanning the QR code.
Report signs of fraud by immediately notifying the authorities if you suspect being scammed.
