Online banks, the police warn: this scam makes you lose all your money
Never enter your online banking credentials on a site that opens via a QR code, warns Finnish police.
According to the press release, criminals use this strategy to direct people to scam sites, where they can steal the credentials of the unfortunate people's bank accounts.
The QR code is a square barcode that can be read with your phone's camera and serves as a quick route not only to visit websites, but also to install applications or even pay.
Many websites and service providers have long used these codes instead of direct site addresses.
But be careful: QR codes are easy to tamper with.
The QR code scam causes you to lose all the money in your current account.
The email spam blocker may not identify messages containing "malicious" QR codes or, for example, the code of an advertisement found on the street may have expired and be used by scammers for criminal purposes.
Or again, it is possible that scammers paste dangerous QR codes onto the original codes.
Improper use of these codes is called “quishing”.
The Interior Department of the Finnish Police recently received several reports from users of a well-known foreign classifieds site who, through QR codes, were directed to scam sites that closely resembled their bank's website.
Users received a notification that the product they were selling had been purchased through the service, and to confirm the purchase, they had to log in to the scam site with their personal online banking credentials or enter their card details to receive payment.
After logging in with online banking credentials or entering card details, unauthorized charges were made to the bank accounts or cards of the unfortunate individuals.
As often happens, abroad.
“In particular, I would advise people to be careful when foreign websites or services ask for identification using personal online banking credentials.
I recommend that people implement multi-step identification and confirmation methods across different services, so that online banking IDs or payment card information obtained through fraud cannot be used to make unauthorized charges without further confirmation,” commented Crime Commissioner Janne Sievänen, who continued: “Become familiar with the online services you use and ensure their reliability before entering your personal information.” How to avoid the scam You should never access your bank's website via an indirect link, be it a QR code or a link in an email.
Save your bank's authentic web address in your browser bookmarks and always use that.
Or you can write the address in your browser's search bar, paying attention to typos.
Don't use a search engine to find your bank's website.
It is possible that websites in the hands of malicious actors may also appear in the results.
The safest way to use banking services is with your bank's app installed on your phone.