Victim scans QR code, loses $20k to bubble tea survey scam while she was sleeping

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
She visited a bubble tea shop and saw a sticker pasted on its glass door, encouraging customers to do an online survey to get a free cup of milk tea.

Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.

That night, as she was sleeping, her mobile phone suddenly lit up.

Thanks to the app she had downloaded, scammers used it to take over her device and moved $20,000 from her bank account.

How the scam works​

Mr Chua said that when the victim scans the QR code, he is prompted to download an app containing malware and is made to grant access to the phone’s microphone and camera.

He is also asked to enable Android Accessibility Service, an app intended to assist users with disabilities, which allows the scammer to view and control the victim’s screen.

The scammer waits for the victim to use his mobile banking app and notes his login credentials and password. The scammer can also disable the facial recognition function, so the victim has to physically key in his details to log into his account, allowing the crook to record the information.

The scammer then accesses the camera to monitor the victim’s activity, waiting for the right moment to strike.

At night, when the victim is sleeping, the scammer takes control of the phone through the malware.

He logs into the victim’s mobile banking app and transfers money out of his bank account.

Said Mr Chua: “This scam is so insidious because scammers take over the victim’s phone. And because victims lose control of their Internet banking account, they won’t even know when their savings have been completely wiped out.”
 
Nov 1, 2022
28
I'm always fuming when I learn of something like this... Normal people have to work a year or two to save up that much cash, but scammers keep on finding "shortcuts" to make us hate technology and lose hope for a better future... Preying on the elderly is such a low, low thing to do. It's cases like this that prevent me from ever getting my grandpa a modern phone.
 

billink

Level 1
Feb 8, 2023
5
Re-reading this and it's equally scary. Got me thinking. QR codes have a bunch of cool uses. Like, they help businesses handle data super securely, especially sensitive stuff. Plus, they can stop fake stuff by giving products unique QR codes to prove they're the real deal. Then, for marketing, these QR codes can change content based on what you like, making ads way more interesting. Loyalty programs - give customers points and rewards, discounts, and surveys, all of which you can share via a QR code. Also, they work as passes for places. Oh, and they're awesome for keeping track of inventory. Anyone can figure out how to make a QR Code and find a use case that works for their business. Now, expectedly people have safety concerns, especially after reading articles of this type. What can be done about this is to look up safety recommendations and ways to protect yourself from cyber-attacks, if you're scanning QR codes. And look for a safe platform, for example, one that is SOC-2 and GDPR compliant, if you're the one creating them. That's all nice and lovely for us, however, elderly people remain the most vulnerable category (and personally, this makes me furious). I always see my grandma's face when I read something like this. Okay, that's it, now I got to go call her.
 
  • Like
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top