Insurance scams via QR codes: how to recognise and defend yourself

Threat actors can abuse QR codes to carry out sophisticated scams, as reported by the Italian Postal Police in its recent alert.

As is well known, QR codes are two-dimensional barcodes that can be read with a smartphone or other hand-held device. They are widely used to access information, services, or online payments quickly and conveniently. However, they can also hide scams, as the Italian Postal Police warned in its recent alert.

The Postal Police has issued an alert to warn citizens against insurance scams using QR codes. In practice, fake insurance operators contact victims through calls, messages, or sponsorships on social networks, offering policies at advantageous prices. The scammers then send the victim a QR code that is supposed to be associated with the car’s number plate, to be shown at authorised betting shops to make the payment. In reality, the QR code contains not the details of the insurance agency but those of the fraudster, who receives the money for the supposed policy and thus completes the scam.

The typical scenario in detail

Clients approach supposed intermediaries posing as insurance agencies via fake websites or misleading advertisements (often at the top of search engine sponsored ads). They fill in forms with their license plate and other personal data and are later contacted with offers of discounted policies. The scammers try to force an immediate purchase by placing a limited validity on the offer.

After the first contact via instant messaging channels, further documents are requested and a quote is provided. The fake insurer then refuses other methods of payment, alluding to security reasons, and provides a payment slip with a QR code containing the payment details. The slip is generated through legitimate circuits and can be paid at authorised points of sale distributed throughout the country, but the beneficiary’s details are in the name of a natural person and not a real insurance agency.

Once the payment has been made, the fraudulent operators may also provide a counterfeit policy before covering their tracks.

How to defend yourself against these scams

The Postal Police recommends being wary of overly tempting offers and always checking the seriousness and reliability of the other party. In addition, they advise people to be wary of those who propose QR codes as the only method of payment and to check that the recipient of the payment corresponds to a genuine insurance company.

In such circumstances, be very careful before making a payment, and use only the official channels of recognised insurance agencies and companies. Online companies do not use generic domains or channels such as WhatsApp or Telegram. Scam sites often have names very similar to those of well-known insurance companies and use the same logos, images or other distinctive elements.

Finally, any suspicious or fraudulent incidents should be promptly reported to the competent authorities.

Although QRishing is nothing new, threat actors, as always, show no limits to their imagination and keep coming up with new lures.

In Italy, via the IVASS website (https://www.ivass.it/consumatori/proteggi/index.html), it’s possible to consult the complete lists of Italian and foreign insurance companies and authorised intermediaries and a constantly updated list of fraudulent websites.

About the author: Salvatore Lombardo (Twitter @Slvlombardo)

An electronics engineer and Clusit member, he has for some time been writing for several online magazines on information security, espousing the principle of conscious education. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”. “Education improves awareness” is his slogan.

Pierluigi Paganini

(SecurityAffairs – hacking, QR codes)