QR Codes Are Quick and Easy for You and Cybercriminals

(February 1, 2022) Those ubiquitous QR codes are a quick and easy way to get to a website, see a paperless menu at a restaurant, or get to a payment site. According to the Federal Bureau of Investigation, QR codes are also a quick way to get scammed or have malware loaded on your phone.

The FBI issued an awareness alert to the public that cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information, to embed malware that gains access to the victim’s device, and to redirect payments for cybercriminal use.

The FBI warned that cybercriminals tamper with both digital and physical QR codes to replace legitimate codes. “A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts,” the FBI explained. In addition, some fake QR codes contain embedded malware that gives the cybercriminal access to the victim’s device and lets them obtain information to withdraw funds from the victim’s account.

To avoid the scam, the FBI offered these tips:

  • Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
  • If scanning a physical QR code, make sure the code has not been tampered with, such as with a sticker placed on top of the original code.
  • Do not download an app from a QR code. Use your phone’s app store for a safer download.
  • If you receive an email stating a payment failed from a company you recently made a purchase with and the company asks you to complete the payment through a QR code, call the company to verify.
  • Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
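
The first and last tips come down to comparing the scanned address with one you already trust. As an added example (not part of the FBI alert or this article), the Python below applies that comparison to a URL decoded from a QR code; the host names in TRUSTED_HOSTS, the sample URLs and the two-typo threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: the hosts the user actually intends to reach.
TRUSTED_HOSTS = {"pay.example.com", "menu.example.org"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # deletion
                           cur[j - 1] + 1,            # insertion
                           prev[j - 1] + (ca != cb))) # substitution
        prev = cur
    return prev[-1]

def check_qr_url(url: str, trusted=TRUSTED_HOSTS, max_typos: int = 2):
    """Return (verdict, reason) for a URL decoded from a QR code."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "block", f"scheme is {parts.scheme or 'missing'!r}, not https"
    if parts.username is not None:
        return "block", "userinfo before '@' hides the real host"
    if not host:
        return "block", "no host"
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return "block", "internationalized host can mimic Latin letters"
    if host in trusted:
        return "allow", "exact match with a trusted host"
    for good in sorted(trusted):
        # A near miss is the "typos or a misplaced letter" case.
        if edit_distance(host, good) <= max_typos:
            return "block", f"lookalike of {good}"
    return "review", "unknown host; type the known address by hand"

# Constructed sample inputs, as a scanner app might decode them.
SAMPLES = [
    "https://pay.example.com/checkout",
    "https://pay.examp1e.com/checkout",
    "https://pay.exmaple.com/",
    "https://pay.example.com@evil.test/login",
    "http://pay.example.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", check_qr_url(u))
```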

The FBI recommends that, if you believe you are a victim, you report the fraud to the local FBI field office.