Skip to main content
Advertisement
Live broadcast
Main slide
Beginning of the article
Озвучить текст
Select important
On
Off

Remote fraudsters have started using QR codes for contactless transfer of funds in their schemes, the press center of the Russian Interior Ministry reported. The attackers send their victims a screenshot or a QR code directly, which allows them to identify the customer at ATMs and transfer funds to the account. For details on how fraudsters use QR codes to steal Russian funds, what distinguishes such schemes and how to protect themselves from them, read the Izvestia article.

What did the Interior Ministry say about the theft using QR codes?

The press center of the Ministry of Internal Affairs of Russia reported that remote fraudsters began using QR codes for contactless transfer of funds in their schemes.

"The use of contactless money depositing using QR codes is gaining popularity among the criminal community. A screenshot or a QR code is sent to the victim's technical device in the messenger, which allows them to identify the client at ATMs and transfer funds to the account," they said.

деньги
Photo: IZVESTIA/Polina Violet

The Ministry of Internal Affairs clarified that in various credit institutions the limit for such operations ranges from 15 thousand to 100 thousand rubles. Attackers use social engineering techniques to convince victims to withdraw cash or cash out of their accounts, after which they transfer them through ATMs to cards used in criminal schemes. Subsequently, the stolen money is distributed among accounts related to criminal activity or withdrawn in other regions unrelated to the victims' place of residence.

Why are QR codes for transfers interesting to scammers

QR codes for transfers have become widespread in recent years due to a number of advantages, says Elena Zavodova, head of the Audit and Compliance department at the Ural Center for Security Systems (UCSB), in an interview with Izvestia.

Such codes do not require entering long details and are available in any situation when there is no card or cash at hand, as well as in cases of temporary unavailability of standard non—cash payment facilities, for example, in case of purchase failures at supermarket checkout desks or terminals on public transport, — says the expert.

код
Photo: IZVESTIA/Eduard Kornienko

Meanwhile, according to the editorial's interlocutor, the external simplicity of QR codes hides the main risk - a person cannot physically verify which details or link are embedded in the code before scanning, which makes it a convenient tool for intruders. On the technical side, fake code generation does not require complex knowledge or infrastructure hacking, and the difficulty of tracking transferred funds reduces the chances of their return. In turn, Kaspersky Lab's chief expert Sergey Golovanov adds that QR codes, as an element of fraudulent schemes, make it possible to break the link between the sender and the final recipient of financial resources, complicating the analysis of transactions and helping to confuse the "money trail".

What schemes with QR codes to expect from scammers in 2026

In 2026, in terms of fraudulent schemes with QR codes, we should expect a deeper study of the "legends" in messages for potential victims, says Alexandra Shmigirilova, GR director of the Security Code information security company. According to the expert, this can be the payment of fines, receipts, taxes, or, conversely, the promise of payments from the state, preferential conditions, medical services for certain categories of citizens, and huge discounts and unique offers for the holidays.

"With the help of modern technologies, all these documents will be prepared very convincingly, and the QR code will become just one of the tools for implementing the scheme," says the Izvestia interlocutor. — Given the convenience of QR codes for payment, fraudsters will specifically highlight the simplicity and speed of the method in the offer.

хакер
Photo: IZVESTIA/Sergey Konkov

In turn, Dmitry Ermakov, head of the Fraud Protection department at F6, expects an increase in the number of phishing bots in messengers that have replaced QR codes, for example, under the guise of authorization in public Wi‑Fi networks, videos with QR codes of intruders, as well as fake advertising messages and crowdfunding campaigns that indicate a QR code instead of traditional ones. banking details.

What fraudulent schemes with QR codes have been encountered before

Meanwhile, fraudsters have tried to integrate QR codes for money transfers into their schemes before. As Konstantin Larin, head of the cyber intelligence department at Bastion, says in an interview with Izvestia, in previous years, attackers massively used fake QR codes to pay for goods and services, parking, utility bills, as well as to connect to supposedly free Wi-Fi or join fake chats of management companies in residential buildings.

— There were also cases of substitution of the original codes in public places — the money after payment went not to the seller, but to the attackers, — says the specialist.

In addition, according to Sergey Golovanov, fraudsters have recently sent emails allegedly on behalf of government agencies with a QR code that led to a fake shipment tracking page. There, the user was persuaded to pay a small amount for receiving or tracking "documentation", after which the money fell to the attackers.

хакер
Photo: IZVESTIA/Polina Violet

In turn, Irina Dmitrieva, a business analyst of cybersecurity systems at Gazinformservice, notes that all users of remote banking services who perform transactions using QR codes but do not check the final details of payment recipients are at risk of such schemes. At the same time, the risks increase in cases when intruders take users by surprise and force them to act very quickly, exerting a psychological impact on them.

"However, the main danger lies not in the QR code itself, but in the fact that the person himself confirms the transfer, sincerely believing that the payment is secure," the expert notes. — It is problematic to cancel such a transaction, since it is carried out by a person's own hands.

How to protect yourself from fraud schemes with QR codes

In order to protect themselves from fraud schemes with QR codes, experts interviewed by Izvestia advise following certain cybersecurity rules. For example, you cannot deposit cash through an ATM using a code sent by an outsider, recalls Yakov Filevsky, an expert on sociotechnical testing at Angara Security.

— Banks, police and government agencies do not "rescue" money through instant messengers, — the expert notes. — You can also not transfer the QR code created in the banking application for cash withdrawal to anyone. In such situations, you need to slow down as much as possible and understand each required step: why and why.

банкомат
Photo: IZVESTIA/Sergey Lantyukhov

In turn, Artem Beley, a senior analyst at Positive Technologies, urges never to scan QR codes from unverified emails, ads, or text messages. If a payment notification has been received (fine, housing and communal services, tax, etc.), it is necessary to verify the data through official applications, mobile banking or the website of the management company.

In addition, it is important to be vigilant in ads or in public places: if the code is pasted on a sticker and looks out of shape, it is better not to scan it. It is also important to keep an eye on the link. Before entering the data or confirming the payment, you need to make sure that the URL on the screen is correct and secure (with an HTTPS lock). Fake websites often use an unsecured protocol or a fake domain name. If the scanning application allows you to view the link in advance, it is worth studying it carefully.

карта
Photo: IZVESTIA/Polina Violet

— A universal indicator of fraud is any urgent requirement to perform actions dictated by a "bank employee", "investigator" or another person who directs your actions at the ATM, — the head of BI reminds.ZONE AntiFraud Alexey Luzhnov.

In such a situation, you should immediately stop talking and call the bank yourself at the number indicated on the bank card. By the way, today the anti-fraud systems of large banks monitor the risks of unauthorized transactions, including by QR codes, concludes Izvestia's interlocutor.

Переведено сервисом «Яндекс Переводчик»

Live broadcast