Why should we guard against the "QR code" scam?

"The mobile phone scanned a QR code, and Mr. Liu, who opened a Taobao shop, went to the bank to withdraw money and found that the bank card balance was 0"; "This is really a lie. After scanning the QR code sent by the seller, the phone bill of more than 50 yuan will be gone. " Recently, similar "complaints" about QR codes have emerged one after another. Many netizens find that their bank cards have been consumed after scanning the QR code or receiving documents sent by others, and the victims often suffer heavy losses: many thieves ransacked the bank card demand deposits.

With the popularity of Weibo, WeChat, Alipay and other applications, QR code has become a common information channel. Consumers can scan a lot of useful information, such as the price of goods, the place of origin of goods and so on, by pointing the lens of the mobile phone at the QR code. The initial use and promotion of QR code has brought a lot of convenience to consumers, but at the same time, more and more criminals use the loopholes of QR code for fraud. Why is the QR code that once provided convenience for consumers now a trap?

Random code scanning leads to money loss

According to the data, the QR code is a black-and-white figure distributed on the plane (two-dimensional direction) according to certain rules, and it is a key to all information data. In modern business activities, it can be widely used, such as product anti-counterfeiting, traceability, advertising push, website link, data download, commodity trading, electronic certificate, information transmission and so on. In fact, the invention of QR code initially provided great convenience for consumers. Consumers can get a lot of product information by swiping their mobile phones.

However, recently, many netizens reported that there were many unexpected "situations" after scanning the QR code. Mr. Zou is a Taobao seller, specializing in the production and installation of doors and windows. Not long ago, a strange buyer took the initiative to contact Mr. Zou, but did not mention what goods to buy. Instead, I sent a QR code in the chat message, saying, "Scan the mobile phone WeChat to see the details of the doors and windows you want to buy." According to Mr. Zou's feedback to the 360 online shopping first compensation center, after he installed the software in the QR code, the other party asked for his mobile phone number on the grounds of "convenient contact" and then left under the pretext of eating. Mr. Zou didn't care at first, but an hour later, he suddenly found that his Want Want account couldn't get on. The original password was changed, and then he checked the Alipay account and found that not only the 3,000 yuan in the balance was stolen, but also the CCB card bound by Alipay was consumed by 2,000 yuan, and his account was also associated with an Alipay account registered with a strange mobile phone number.

Not only the seller is cheated by the QR code, but also the buyer will be confused by the QR code. Netizen Ms. Zhang told reporters that she was optimistic about a dress in online shopping, and the owner claimed that she could get more information by scanning the QR code. So she scanned the QR code and installed the software according to the instructions. As a result, her mobile phone crashed without waiting for more detailed information. At this time, Ms. Zhang went to the store again, and the store was off the assembly line. It was under the guidance of the swindler that Ms. Zhang scanned their pre-made QR code with Trojan virus, which led to the paralysis of her mobile phone.

In fact, there are not a few problems with mobile phones after scanning QR codes like Ms. Zhang. On the contrary, it is only the lowest level of QR code fraud, and the ultimate goal of criminals is always the money in consumers' pockets. And why is Mr. Zou's payment account strangely stolen? How can a small QR code steal money?

Two-dimensional code hidden virus

It is understood that before the victim's funds were stolen, most of them used Android phones to scan QR codes, or used Android phones to receive and install unknown apk files. Kingsoft Internet Security experts pointed out that the theft of online banking funds is directly related to these apk documents. Due to the poor safety awareness of victims, it is easy to install programs provided by strangers on mobile phones, and only in this way will funds be stolen. "These apk files are all mobile phone viruses, and their function is simple: intercept the victim's mobile phone text messages and transmit the text messages by SMS forwarding or email. The key information of SMS content is the verification code sent by online banking or third-party payment websites. " Kingsoft Internet Security expert said, "The virus itself cannot independently complete the function of stealing online banking funds. The core threat is to steal the verification code. We named this virus the captcha thief. " Kingsoft Internet Security Center analyzed nearly 200 captcha thieves and found that some directly intercepted all mobile phone messages to the virus author's mobile phone. At this time, the victim's mobile phone will not receive any news. Some captcha thieves filter the content of short messages, only intercept short messages with keywords such as "bank, captcha, payment", and get the content of short messages through SMS forwarding or email. This is relatively hidden. When the consumer finds the abnormality, the bank card balance has been looted.

Take SMS for example, how can the money in the bank card be lost? Many people don't notice that SMS has actually become the security cornerstone of online banking payment and fast payment. The opening of online banking function, the login and consumption of payment tools all use SMS to verify identity. When your mobile phone is equipped with a Trojan horse that intercepts short messages, it is equivalent that your mobile phone is in someone else's hand at the moment. And this person with your mobile phone knows the victim's personal information through other channels like a person who knows you like the back of his hand. A person who knows everything about you can control your bank card at will by taking your mobile phone.

According to security experts, thieves who write verification codes do not need advanced skills. In fact, some captcha thieves are complete novices. The thief's mobile phone number and email account password are easy to find in the virus code. Logging into these mailboxes used to collect short messages from victims has made an even more amazing discovery: there are thousands of emails collected by the author of the captcha thief and hundreds of victims. Many payment tools, including online banking and Alipay, have become the prey of captcha thieves. Through the analysis and statistics of captcha thieves, Kingsoft Internet Security Center shows that captcha thieves are more active than online shopping Trojans that flooded computers a few years ago, and the actual losses caused by captcha thieves to netizens are much higher than those caused by online shopping Trojans in the past. Captcha thieves have become the number one enemy of online banking security for smartphone users.

"code scanning" is very dangerous

Although QR codes are becoming more and more common in the market, many consumers still don't really realize what QR codes are. Ms. Zhang later said: "I didn't know what a QR code was before, and I didn't expect the result to be so serious." The "ignorance" of consumers provides an opportunity for criminals.

Software professionals remind consumers: "QR code is actually a string of URLs, which is very simple to generate and publish. The production of QR code is also a "zero threshold". Just download a QR code generation software and put in relevant links to generate a QR code picture. So someone put the website with the virus program in the QR code. If the consumer accidentally brushes it, it may be poisoned. " Therefore, experts remind many consumers to make clear the source of QR code before scanning, and don't scan it when you see it, which is easy to fall into the trap of criminals. Generally speaking, the QR codes provided on posters of regular newspapers, magazines and well-known shopping malls are safe, but the QR codes published on websites with unknown sources need to be vigilant.

360 security experts said that the QR code can't be "scanned at the sight of the code", especially the QR code sent by strangers, such as the QR code with software download and account login, and the page should be closed immediately. If the mobile phone has scanned the suspicious QR code, you should use professional security software such as 360 mobile guards to kill it, so as to avoid the leakage of short messages and even cause property losses.

Some mobile phone players suggest that if you are "code scanning control", you should choose a professional code scanning tool with monitoring function, and there will be security reminders when scanning suspicious websites. After installing the software installed by QR code, it is best to scan it with anti-virus software before opening it. Of course, consumers can also choose a code scanner with recognition function for real-time monitoring. This kind of mobile phone security software adds detection function, and will give security reminders when scanning suspicious websites.

Consumers should enhance their awareness of prevention in the face of QR codes. If the mobile phone is bound with a bank card, don't deposit too much money in the bank card to avoid a chain reaction and cause great losses. At the same time, don't be tempted by criminals. For example, scanning the QR code will have the trap of preferential policies. The government and relevant departments should also strengthen the management and regulation of the QR code market. Many of its own situations make it more difficult for the government and relevant departments to manage QR codes, such as the low threshold for making and the inability to formulate unified restrictions. Therefore, the government should quickly study with relevant departments and formulate effective management plans to prevent the recurrence of scanning QR code fraud.