Many users of Facebook and Telegram accounts have reported numerous cases of fraud, whereby a stranger hacks an account and then attempts to request money for an emergency, or even borrow a loan, from the contacts of the account holder.
Many different pretexts have been employed for such schemes, with scammers becoming more and more resourceful in their approaches.
Almost invariably, any money sent is transferred electronically, generally using a KHQR code, the standardised version of a QR code which is used for retail payments and transfers across banks and financial institutions within Cambodia.
The Post looked into the complex process of recovering electronically transferred funds and discovered that it is surprisingly difficult to easily trace the perpetrators.
Brazen fraud attempts
One of the latest cases happened to Rachana, a resident of Phnom Penh. Someone obtained her Facebook login, presumably through a malware application disguised as a game or app, and then locked her out of her own account.
After assuming control, the technology thieves sent messages to several of her friends asking for a $300 loan, under the pretext that her bank account had been shut down after entering the wrong code several times.
Along with her immediate friends and relatives, Rachana rushed to notify as many of her contacts as possible that she had been hacked, to make sure that no money was sent.
The KHQR that the hacker sent used the name Seavling Oun. When the code is scanned, it does not show the specific bank linked to the account, but Bakong, a payment system established by the National Bank of Cambodia to transfer funds between different accounts at different financial institutions.
Fortunately, Rachana managed to log back into her account and regain control of it before the hacker convinced anyone to send them money.
Another Phnom Penh resident, Thea, lost control of his Telegram account. Following the hacking, his family received a barrage of messages asking for money.
As soon as he became aware of the fraudulent requests, he went to the National Police’s Anti-Cyber Crime Department and notified them about the issue, ensuring he would not be held responsible for any potential crimes.
“My case was not serious yet; they just used my hacked Telegram account to chat to my friends. I only realised when they began asking my family members for money,” he told The Post.
“I went to the cyber-crimes department and filed a report. The officials instructed me to spread the word on social media,” he added.
Who is behind the codes?
In general, to register with a bank or microfinance institute for a QR payment service proof of address and an ID is required. So why can’t the perpetrators of these crimes be tracked down immediately through the names on the QR codes?
The Post submitted questions to the National Bank of Cambodia and Bakong, as well as the Financial Intelligence Unit of Cambodia on May 27, but had not received a response as of May 28.
One anonymous expert with insider knowledge of the banking system explained that it is extremely unlikely that hackers could break directly into any of the major banking systems.
Instead, they hacked into a social media account and then relied on the victims of their scheme to not pay close attention when making money transfers.
He added that perpetrators often use KHQR of different banks or financial institutions to commit fraud.
He also called on the victims of all such cases to contact their bank immediately by phone or in person. They should then follow the measures that the bank has in place to resolve the issue.
Read full article: https://www.phnompenhpost.com/post-in-depth/why-can-t-hackers-be-tracked-through-qr-codes-