Our Swiss colleagues report to us a new form of scam in which physical letters are sent with QR codes. If you scan these codes, you unwittingly install malware on your smartphone. Although this particular form of fraud is currently not yet established in Belgium, there is a chance that sooner or later this approach will also pop up here due to the simplicity of the method.
How does this scam work?
The fraudsters send letters on behalf of official bodies, such as Switzerland's MeteoSwiss, asking to download a new app via a QR code. In reality, the QR code leads to a computer virus (malware) that tries to steal sensitive data from your smartphone.
The malware only targets smartphones with an Android operating system.
What should you do if you receive such a letter?
- Ignore the request and discard the letter.
- Do not scan the QR code.
- Take a picture of the letter and forward it to suspicious@safeonweb.be
What to do if you have a suspicious app installed?
- Uninstall the app.
- Reset your smartphone to factory settings to remove the malware.
- Change your passwords, especially those of sensitive apps such as your banking applications.
Tips to protect yourself:
- Always be careful when scanning QR codes. Use a secure QR scanner. Some QR scanning apps have built-in security features that check the security of a link before you open it.
- If you have already scanned the code, check carefully which web page you land on.
- Download apps only from official app stores, such as the Google Play Store or the Apple App Store.
Source: NCSC-CH https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/2024-meteosuisse.html
