The package said “thank you gift” but the sender was unknown. It was delivered to Mr. Dac’s house (Ho Chi Minh City) at the end of February. When he opened it, he saw that he was given a rice scoop and a scratch-off ticket.
“I buy a lot of things online. Seeing that the parcel had the correct name and phone number, I opened it,” Dac said.
After scratching, the ticket announced the third prize, with a gift worth more than 5 million VND. To know how to redeem rewards, users are required to scan the QR code printed on paper. The QR code points to a website requesting a software download. Suspecting fraud, he did not follow.
The gift includes a spoon and a piece of paper containing the winning notice. Photo: Huy Dac
According to the Department of Information Security – Ministry of Information and Communications, if not vigilant and follow instructions, users can become victims of tricks to access websites to steal information or install malicious code.
The Department said the phenomenon of sending gift parcels with prize announcements containing QR codes inside has been on the rise recently. Thieves send low-value items in the name of customer gratitude, then trick them into scanning QR to receive gifts worth millions of dong. Users may be taken to a malicious website, such as an impersonation page where they enter personal information, account information, or download malicious code to the device.
“This is a new form of fraud that has appeared and is very dangerous,” the Department assessed.
There are currently no statistics on victims. However, QR code fraud is considered to be becoming more sophisticated as it continuously creates new scenarios to lure users. Previously, there was a phenomenon of thieves pasting over payment QR codes at stores, causing users to mistakenly transfer money. In addition, this method is also used in messages or emails to bypass filters to navigate to bad websites.
The Information Security Department recommends that users be cautious when scanning codes, especially codes in public places or sharing via social networks or email. With a QR leading to a website, you need to check the link to see if it starts with “https” and is a familiar domain name.
Luu Quy
EN 
VI
Leave a Reply
You must be logged in to post a comment.