Qualcuno può spiegarmi come i ladri hanno potuto ottenere i soldi semplicemente inviando loro un codice QR per pagare qualcosa?
https://www.nieuwsblad.be/cnt/dmf20240919_94855731
di kvmcc
Qualcuno può spiegarmi come i ladri hanno potuto ottenere i soldi semplicemente inviando loro un codice QR per pagare qualcosa?
https://www.nieuwsblad.be/cnt/dmf20240919_94855731
di kvmcc
7 Comments
This shouldn’t be possible. I have a feeling something is left out of this story.
You can’t.
She probably got led to a phshing site, logged in with her bank reader and then approved transactions.
It sucks but those are all things she did manually, no security system is flawless and if you give burglars the key to your house, they’re going to rob you.
I’m guessing there was some phishing added.
Get the account info from the QR code, then send a seperate mail with malware or just call up the bank offering all kinds of info they can get from facebook . Trying to convince them it’s the person and allow them acces into the account.
Or she just had a shitty pin that was based on personal info and the hackers could just get in through that
She’s not telling the full story
I’m sorry, but such a vague “explanation” clearly shows she got phished. Maybe they “guided” her through the process and made her believe she was preparing to receive money but instead got duped and transferred money or at least allowed the scammers to withdraw money from her account later.
Not all information is listed. According to her story she send them a QR code. This means she used her banking app to create one and then send it to them through whatsapp or other messaging platform. Sending a payment QR is for recieving money and can not be used for anything else.
A source on payment QR: https://stripe.com/nl-be/resources/more/qr-code-payments
The only way for the attackers to gain access is that they hijacked her credentials. In this particular case I imagine the scammers got hold by presenting her a fake login page for her bank to create the code. She probably told them she didn’t know how she should send it through so they offered to “help”. Another possible way would’ve been where they claim they paid her to much (oh no, i put down 300euro and not 30. Can you refund it please?) and she proceeded to the link they added.
Whatever method the scammer(s) used, they have had her login to something and they captured the login credentials. You can NOT gain access to someones bank account through a payment QR, that is impossible as the QR doesn’t contain any login data at all.
She is lying (mostly due to shame and guilt which all victims have)
I work in Cybersecurity btw.
Sorry hè maar als ge daar tegenwoordig nog intrapt is dat uw eigen fucking schuld.