Expert lists 7 lesser-known cyber traps – “Many already know to be wary of scam messages, but…”

Ilkka Tuominen, DNA’s Fraud Manager, reminds us that although many modern technologies can be used for scams, their intended use is usually legitimate and well-meaning. For example, a QR code shown in a TV program or printed in a newspaper rarely leads to a scam site. So, it’s worth using technical solutions boldly – they’re designed to make life easier. Still, a healthy dose of skepticism is wise. 

“Cybercriminals’ innovations for collecting credit card and banking information know no bounds. It’s important to stay up to date with new scam methods and protect ourselves effectively. Many already know to be wary of scam messages, but unfortunately, that’s not enough. While traditional scams are still common, new technologies bring new risks. QR codes and NFC attacks are examples of how helpful tools can become dangerous in the hands of criminals,” says Tuominen.

You might encounter scams like the following examples either at home or while traveling. When information is presented in a foreign language, the content may be unclear, and users may click links carelessly.

1. Browser Pop-up Scams and Paid Scam Ads

Websites may request permission to show notifications, and if the user accepts, the browser may start displaying scam messages that appear official. For example, a message might say, “Your computer is infected – click here."

When searching for information, the top-listed links may include ads purchased by scammers. These fraudulent ad links lead to websites that look completely legitimate and are designed to steal your information. It's always a good idea to check the browser’s address bar to ensure the URL looks as accurate as possible for the content you're viewing.

2. Fake Mobile Applications

App stores may contain carefully copied versions of popular apps. These fakes may collect data or redirect payments. Apps not downloaded from official stores pose an even greater risk. For now, freely selectable app stores on the Android operating system pose a greater risk for malicious apps compared to the app store on the iOS operating system.

3. Data Leaks via Smartwatches and Wearables

If malware has been successfully installed on the smartwatch on your wrist, it may also record audio or transmit data without the user noticing. Since smartwatches often have NFC connectivity, in certain situations it may be easier to sneak malware into them than into a phone, without the user realizing it. Such a situation could be, for example, during rush hour on public transport.

It is also advisable to review the settings of the apps on your phone. Unnecessary apps should not be stored on the device, and any excessive permissions granted to apps should be permanently or temporarily disabled, especially when you know it will be a long time before you use the app again. 

4. Real-Time Manipulation of Video or Audio Calls

Advanced artificial intelligence now enables real-time manipulation of video and audio (deepfakes). For instance, during a Teams or Zoom meeting, a person may appear who looks and sounds like a familiar colleague but is actually a fraudster attempting to initiate a payment or extract sensitive information. Similarly, a voice call may come through a messaging app from an unknown number, with the caller impersonating a close relative. The goal in such cases is often to solicit a payment or gather more information for a follow-up scam. These types of incidents have already been reported globally.

5. QR Code Scams (Quishing)

QR codes simplify everyday smartphone use, but they can also redirect users to malicious websites that appear legitimate while stealing login credentials or installing malware. In public spaces, such as restaurant menus or parking payment signs, QR codes can be easily replaced with fraudulent ones. A QR code sticker placed over an advertisement or found loose should always be treated as suspicious.

6. NFC Attacks

Near Field Communication (NFC) technology enables short-range payments and data transfers. Criminals can exploit this by using programmed NFC tags that redirect a victim’s phone to a harmful website or trigger automatic actions, such as saving a contact or launching an app. It’s advisable to keep the NFC feature off when not in use and assign it to a quick-access toggle. Just like with QR codes, NFC tags affixed to advertisements or found loose should be considered potentially harmful. Some QR code stickers may also contain embedded NFC functionality.

7. Malware via USB Ports (Juice Jacking)

Public charging stations, such as those in airports or shopping centers, can be tampered with by criminals to install malware or steal data during charging. Devices running older operating systems are especially vulnerable. The safest approach is to avoid public USB ports altogether and use your own charger or a portable power bank.

Further information for the media:

DNA Corporate Communications, tel. +358 (0)44 044 8000, communications@dna.fi