## Swiping the QR code to receive a free gift, the woman did not expect that when she was sleeping well at night, the money in her account suddenly lost several hundred million. ## **(Scan QR code)(https://soha.vn/quet-ma-qr.html) lost money** The woman visited a bubble milk tea shop and saw a sticker on the glass door invite customers to take an online survey to receive free milk tea. Faced with the opportunity to receive a free gift, the 60-year-old woman scans the QR code pasted on it and downloads a third-party app to her Android phone to complete the “survey”. That night, while sleeping, the woman’s cell phone suddenly lit up. From the download app, the scammer used to take over the device and steal $20,000 from this person’s bank account. This is not the only victim. In April, the police and the Singapore Cybersecurity Authority warned about downloading apps from suspicious websites that would infect them with malware. The software will steal confidential and sensitive data, including banking login information. Since March, at least 113 victims have lost at least $445,000, police said. “While malware scams are not new, the ways in which app scammers are increasingly sophisticated,” said Beaver Chua, head of fraud prevention at OCBC Bank. “Besides the banners that pop up when visiting the website, pasting fake QR codes outside food and beverage outlets is another ploy, as consumers may not be able to distinguish the official QR codes from the fake ones. “. ## **How it works** When scanning a QR code, the victim is asked to download an app containing malware, which asks for permission to access the phone’s microphone and camera. The malicious app also requests permission to access Android’s Accessibility Service, a feature that aids disabled users, allowing fraudsters to view and control the victim’s screen. The scammer then waits for the victim to use the mobile banking app and record the login and password information. Not only that, the crook can disable the facial recognition function, so the victim has to enter the account details. They then access the camera to monitor the victim’s activities, waiting for the right moment to strike. At night, while the victim is sleeping, the scammer takes control of the phone through malware. They will log into the victim’s mobile banking app and transfer the money to another bank account. “This scam is very insidious because the scammers have taken over the victim’s phone. Because they lose control of their bank account, they won’t even know when they’ve lost all their money,” expert Chua said. speak. College student Char Shao Wen, 25, who buys bubble tea twice a week, said she is always wary of scanning QR codes at such stores. “I regularly drink bubble milk tea, so I felt very scared when I heard about such a scam. If it was pasted near official QR codes, I think it would be much harder to detect,” she said. Expert Chua said scammers also stick fake QR codes on lampposts near traffic lights, waiting for victims to bite the hook. Yeo Siang Tiong, general manager for Southeast Asia at cybersecurity firm Kaspersky, stressed that businesses should be wary of advertising stickers and QR codes that are placed on their premises without even knowing it. In 2022, Singapore scam victims lost $660.7 million, up from $632 million in 2021, bringing the total lost to nearly $1.3 billion over two years. There were 31,728 reported phishing cases in 2022, up from 23,933 cases in 2021. More specifically, Kaspersky expert Yeo said this type of fraud is common on the Android operating system, because it is the platform. Open source platform, allowing anyone to customize. In contrast, iPhone users are less likely to be scammed by malware because iOS users can only download apps from the Apple App Store, which has strict regulations for app developers. Only legitimate and safe apps can be downloaded by users.