Citizens warned about scamming via QR codes

Scams by QR code scanning have become much more troublesome lately and is one of the 6 matters for discussion at the September meeting of the Ministry of Information and Communications yesterday.
MIC is holding its regular meeting on September 6, co-chaired by Deputy Minister Pham Duc Long and Deputy Minister Nguyen Thanh Lam

MIC is holding its regular meeting on September 6, co-chaired by Deputy Minister Pham Duc Long and Deputy Minister Nguyen Thanh Lam


Reports from the Information and Communications Ministry (MIC) reveal that besides the popular trick of gluing a fake QR code over the real one for payment at shops so that customers accidentally send money to criminals, harmful QR codes are now spread freely in online articles, message applications, forums, and social network groups. These codes are usually links to gambling advertisements with malware that can be installed on smartphones.

All over the world, the use of QR codes has become much more common, especially after the Covid-19 pandemic. Statistics from the Payment Department under the State Bank of Vietnam show a remarkable rise in both quantity and value of QR codes in the country. In 2022, the number and value of payments via this method grew by 225 percent and 243 percent respectively compared to 2021.

Seeing a lucrative chance from this trend, criminals have developed credit card frauds through QR codes. These lawbreakers first make friend with victims via social networks and send a QR code for the victims to scan. The code contains a link to a fake website of a bank, requesting the victims to enter their personal information (full name, citizen ID card number, bank account number, password, and OTP codes). These sensitive data will then be used to steal the account.

The representative of the Information Safety Authority under MIC is discussing with the press in the meeting

The representative of the Information Safety Authority under MIC is discussing with the press in the meeting


Compared to harmful links, a QR code can be attached in an email or message without being detected by virus filter software. However, since a QR code is not malware itself but an intermediary to transmit content, it is the users that decide whether they become a victim of the trick or not due to their responses after scanning the code.

The Information Safety Authority (under MIC) proposed that people should be cautious when scanning QR codes, especially those shared publicly or attached in emails and messages in social network groups. Internet users should also carefully verify the reliability of QR code sharers as well as the content of the linked websites (whether the address has a prefix of ‘https’ and the domain name is familiar or not).

Citizens are warned not to share their confidential information (bank account or social network account). They are advised to use an application to manage their passwords with a two-step authentication process and other similar methods to protect their accounts.

Finally, the Information Safety Authority asked that QR code service providers send proper warnings to users like the banks have done lately to their customers. These companies must implement ways to detect abnormal transactions. Meanwhile, shop owners must frequently check the genuineness of the QR codes they are using to receive payments.

Other news