Liechtenstein Authorities Issue Urgent Warning Against Sophisticated QR Code Scams

Liechtenstein Authorities Warn of Rising QR Code Scams

The Liechtenstein State Police and the Federal Office for Cybersecurity have issued a joint warning regarding a significant increase in sophisticated online fraud attempts. The authorities caution the public against online fraudsters who are leveraging fake QR codes and malicious software (malware) to illicitly obtain sensitive information such as bank data and passwords. Recent cases highlight the evolving and increasingly complex methods employed by these cybercriminals.

The Mechanics of 'Quishing' and Data Theft

The warning specifically addresses a type of scam often referred to as 'quishing,' where malicious QR codes are used to redirect unsuspecting individuals to fraudulent websites or to install malware. A recent incident in Liechtenstein involved a person attempting to sell an item on an online classifieds portal. A supposed prospective buyer sent the victim a fake receipt containing a QR code for the purchase transaction.

Upon scanning, the QR code led to a fraudulent website designed to mimic a legitimate parcel delivery service (such as Swiss Post). The victim was then prompted to select their bank and was redirected to a fake login page that appeared identical to their actual bank's e-banking portal. The login information, including passwords, entered by the victim on this deceptive site was subsequently misused by the perpetrators, resulting in the theft of tens of thousands of francs from the victim's account.

Sophisticated Methods and Financial Impact

These scams are becoming more refined, utilizing tactics that bypass traditional security measures and exploit user trust. Fraudsters craft convincing fake websites and employ social engineering to create a sense of urgency, encouraging victims to act without careful consideration. The use of QR codes in phishing campaigns makes it challenging for security software to detect malicious links, as the URLs are obfuscated within the code.

Globally, similar sophisticated methods have been observed, including the distribution of malware like the Coper banking Trojan via malicious QR codes embedded in physical letters, aiming to steal banking credentials and intercept two-factor authentication codes. While not directly linked to the Liechtenstein case, such examples illustrate the advanced nature of threats that authorities are combating.

Official Advice and Prevention Measures

The Liechtenstein National Police urges the public to exercise extreme caution and follow crucial preventative measures to protect themselves from such fraud attempts. Key recommendations include:

• Never enter bank details on third-party websites.
• Avoid following links from emails, SMS messages, or QR codes from unknown or insecure sources, as these may lead to visually altered, fraudulent sites.
• Do not disclose sensitive information about yourself without thorough prior checks.
• If you suspect you have been a victim of such fraud, immediately contact your bank and report the incident to the National Police.

Additionally, it is advisable to inspect QR codes for any signs of tampering, verify the legitimacy of the URL before proceeding, and be wary of unexpected QR codes, especially those urging immediate action.

Continued Vigilance in Cybersecurity

The warning from Liechtenstein's authorities underscores the critical need for public vigilance in the face of evolving cyber threats. The country continues to strengthen its cybersecurity framework, with measures such as the new Cyber Security Act (CSG), effective from February 1, 2025, which implements the NIS-2 directive to enhance national resilience against cyber risks. This proactive approach aims to protect individuals, businesses, and critical infrastructures from the growing landscape of cybercrime.