LKA Lower Saxony warns against phishing with QR codes by post

Fraudsters are using letters sent by post to find victims who scan a QR code and fall for the phishing link that opens, warns the Lower Saxony Criminal Police Office.

Criminals phish for monetizable information.

(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)

Phishing emails intended to obtain sensitive information from victims that can be abused for monetary gain are widely known. However, the Lower Saxony Criminal Police Office is now warning that in some cases, fraudsters are using letters to put pressure on potential victims to scan the printed QR code and enter valuable data on the website that opens.

On the polizei-praevention.de portal of the LKA Lower Saxony, officials warn that those who scan the QR code and follow the link end up on a fake banking page. This imitates the look of the bank specified in the letter.

This letter purports to come from Deutsche Bank. The link in the QR code leads to a phishing page.

(Image: LKA Niedersachsen)

The contents of the letters are already known from previous phishing waves that use emails as a medium. In the examples shown by the LKA Lower Saxony, the fraudsters claim: "In accordance with the EU regulations on the prevention of money laundering (AML) and the Know Your Customer (KYC) guidelines, we as a credit institution are obliged to precisely determine the identity of our customers and to check them again at regular intervals." To achieve this, the recipients must check the data and update it if necessary. "To make this process as easy as possible for you, we have attached a QR code. Please scan this with the camera of your smartphone," the criminals claim, supposedly helpfully. To increase the pressure, a date is also printed by which this must be done.

Two letters have similar text, but the senders are different. One letter purports to come from Commerzbank, the other from Deutsche Bank. If victims follow the links, they end up on a phishing page that has been adapted to match the bank named in the letter. The attackers guide the "victims through the various processes and ultimately gain access to the real online banking", adds the LKA Lower Saxony, and it is also possible to "request security-relevant TANs or confirmation via a TAN app".

The links in the QR code are shortened with link shorteners or use the top-level domain .ru, for example, and may therefore be perceived as illegitimate by attentive potential victims. The LKA recommends deactivating the option on smartphones to open links from QR codes immediately. The perpetrators could also design the URLs in such a way that only a part of the address that looks plausible appears on a cell phone display.
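The indicators described above can be checked mechanically once a QR code has been decoded without opening the link. The following is an added example, not code from the LKA or the original article; the shortener list, the expected bank domains, the 30-character preview width and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): a small, non-exhaustive
# shortener list, the banks' public domains, and the preview width of a display.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
EXPECTED_DOMAINS = {"deutsche-bank.de", "commerzbank.de"}
DISPLAY_CHARS = 30


def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_qr_url(url):
    """Return a list of findings for a URL decoded from a printed QR code."""
    url = url.strip()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if any(_under(host, d) for d in EXPECTED_DOMAINS):
        return []  # the real host belongs to one of the expected banks
    findings = ["link-shortener" if host in SHORTENERS else "unexpected-domain"]
    # "bank.de@other.example": everything before '@' is userinfo, not the host.
    if parts.username is not None:
        findings.append("userinfo-before-host")
    # What a truncated preview would show: only the start of the address.
    preview = url.split("://", 1)[-1][:DISPLAY_CHARS].lower()
    if any(d in preview for d in EXPECTED_DOMAINS):
        findings.append("bank-name-in-preview")
    return findings


# Constructed sample URLs; the non-bank hosts use the reserved .example TLD.
SAMPLES = [
    "https://www.deutsche-bank.de/pk.html",
    "https://bit.ly/abc123",
    "https://www.deutsche-bank.de.konto-pruefung.example/login",
    "https://www.commerzbank.de@konto.example/kyc",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_qr_url(sample) or "no findings")
```

A shortener hides the destination, so "link-shortener" means the target still has to be resolved and checked before anyone trusts it.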

Few known cases have been reported in Lower Saxony so far. No damage has yet been caused. Potential victims contacted the bank hotline and asked about the authenticity of the letter or recognized the link as a fake when they opened it, which the LKA Lower Saxony praises as correct behavior. However, there may also be victims who have fallen for the scam and have not reported it.

The perpetrators may have obtained the address data through previous break-ins and data leaks, for example in online stores. A letter in the letterbox is therefore no longer a guarantee that it is a genuine document. If necessary, recipients should contact their bank on the known telephone number and report any forgeries to the online security service.

(dmk)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.