|
|
Initially, QR codes were used solely for informational purposes, such as to advertise a website or invite users to subscribe to social media pages.
Scams with QR codes appeared during the pandemic, when they were required to visit public places: cafes, shopping centers, as well as on trains and planes. At that time, attackers offered fake content writing service vaccination certificate codes, Ivan Lebedev, head of the anti-phishing group at the Group-IB Information Security Incident Response Center, reminded RSpectr.
After this technology began to be used for payment, the role of QR in the digital space has increased dramatically. The trend of rapid spread of this technology is observed all over the world. By 2025, the global volume of payments made using this technology will increase by 25% to $3 trillion, analysts at Juniper Research predict .
The impetus for the widespread use of QR codes in Russia was the departure of the Google Pay and Apple Pay phone payment services in March 2022
Since then, Russians' interest in this method of payment has grown sixfold, according to a study by Tinkoff Business. At the end of 2022, 24% of buyers in the Russian Federation paid for at least one purchase using a QR code, analysts calculated. A year earlier, the share of service users was 3.5%. According to experts' forecasts, by mid-2023, the number of purchases using QR codes in Russia will grow by 50%.
But along with the widespread use of this payment method, the number of cases of fraud associated with it began to grow rapidly, noted Alexey Drozd, head of the information security department at SearchInform, in a conversation with RSpectr.
The mechanics of QR code scams depend on which of the two popular payment methods is implemented.
Alexey Drozd, SearchInform:
– In the first option, the seller has a static QR code and the buyer enters the amount themselves to transfer it to the seller for the goods. In the second option, the seller generates a dynamic code for each transaction. It already has the payment amount embedded in it. The user only needs to confirm the payment.
In the first case, additional action is required on the part of the buyer (enter the amount), and in the second case, on the part of the seller (generate the code). There may be fraud on both sides, he explained.
For example, the merchant does not track every transaction, so a customer can create a fake receipt and present it to the merchant as proof of payment.
In Russia, the second option is more often implemented, since the possibility of payment via QR has appeared in stores, where a separate code is generated for each transaction, noted Alexey Drozd.
HOW TO PROTECT YOURSELF
The risks of using QR are that they can contain absolutely any link that is hidden from the user, Ivan Lebedev said. Usually, the user evaluates the safety of a link or code not by its appearance, but by the sender and the result of the transition, he noted.
|
|
發表於 2024-11-9 16:27:52