Central Bank experts spoke about a new fraudulent scheme, using which attackers use QR codes to steal funds from bank cards.
This method allows you to withdraw money from the card, even without having its data. Currently, a number of major Russian banks already use QR codes for certain transactions, including cash withdrawals. The essence of the method is that the banking application creates a QR code, after which the ATM scans it and distributes the funds.
Attackers, posing as bank employees, call potential victims, report an “attempt” to withdraw funds from their accounts, and ask them to send a QR code, supposedly to cancel the operation. After that they take the money using the received code.
The Bank of Russia’s message says that, in fact, real bank employees do not request QR codes and other data from their customers over the phone.