The FBI has issued an alert urging users to refrain from scanning anonymous QR codes as cybercriminals are using these QR codes to steal login credentials, financial information, and funds.
Since the start of the Coronavirus era, Quick Response (QR) codes have grown in popularity as businesses use them more than ever. However, according to the Federal Bureau of Investigation (FBI), scammers exploit QR codes to lure victims into giving away their confidential data.
FBI issues warning regarding QR codes
In an alert issued by the FBI’s Internet Crime Complaint Center (IC3), the bureau warned about malicious QR codes that reroute customers to unwanted, infected websites. The objective is to steal customers’ data, embed malware to gain access to their devices, and redirect payments for cybercriminal use.
The warning came just a week after the agency warned businesses and unsuspecting users about cybercriminals mailing malicious USB drives to infect their systems with ransomware.
Details of the Scam
According to the FBI, the scam involves using modified QR codes either on a printed page or a screen. When a victim scans the code, thinking it is legitimate, the tampered code directs them to a “malicious site” that prompts them to enter login credentials and financial information.
The bureau didn’t share more details on the scam other than that scammers tamper with the pixelated barcodes to redirect victims to malicious sites.
“Cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use – Do not scan a randomly found QR code.”
It is worth noting that malware-infected QR code apps have already made it into official app stores. Last year, the “Barcode Scanner app”, with over 10 million installs, was removed by Google from the Play Store after it was reported for malicious activities.
In another incident, several QR code apps on the Play Store were infected with malware. What’s worse, those apps had over half a million downloads from users across the globe.
How to Stay Protected?
In its alert, the FBI urges users to follow safe practices when using a QR code and never enter personal information on a website without running the necessary checks. The FBI noted that it would not guarantee recovery of lost funds after a transfer is made.
Therefore, users should check the site link after scanning the QR code to confirm whether it is a legitimate site. Smartphone users should avoid downloading an app from a QR code and always use an official app store to download applications.
Furthermore, users shouldn’t download a QR code scanner because almost every phone comes with a built-in scanner. Lastly, users should avoid paying via a website accessed through a QR code. They must manually enter the URL and cross-check the address before completing the payment.
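The link check recommended above, sketched as an added example (it is not from the FBI alert or this article): a Python function that takes the text a QR code decodes to and lists reasons to distrust it before opening it. The host pay.example.com, the sample URLs and the finding labels are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def assess_qr_url(payload, expected_hosts):
    """Return a list of reasons not to trust the URL decoded from a QR code."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["unparseable"]
    findings = []
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        findings.append("not-https")
    if not host:
        findings.append("no-host")
        return findings
    if parts.username is not None:
        # In https://pay.example.com@other.example/ the real host is other.example
        findings.append("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")
    except ValueError:
        pass  # not an IP address, so it is a name
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        # Internationalised names can imitate a familiar brand with lookalike letters
        findings.append("non-ascii-or-punycode-host")
    # Accept the expected host or a true subdomain of it, never a substring match
    if not any(host == e or host.endswith("." + e) for e in expected_hosts):
        findings.append("unexpected-host")
    return findings


if __name__ == "__main__":
    expected = ["pay.example.com"]  # constructed: the site the user meant to reach
    samples = [  # constructed QR payloads
        "https://pay.example.com/invoice/123",
        "http://pay.example.com/invoice/123",
        "https://pay.example.com@login.example.net/",
        "https://pay.example.com.example.net/",
        "https://203.0.113.7/pay",
    ]
    for url in samples:
        print(url, "->", assess_qr_url(url, expected) or "no findings")
```

An empty result means only that none of these specific warning signs were found; the address still needs the manual cross-check described above.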