FBI Warning: Cybercriminals are tampering with QR Codes to defraud victims

The FBI has issued a warning to businesses and consumers about the dangers of malicious QR codes. These codes can be used by cybercriminals to steal your personal information, including your login credentials and financial information.

To avoid becoming a victim, it is important to be aware of these dangers and take precautions when scanning QR codes. In this blog post, we will discuss the FBI’s warning and how you can protect yourself from these attacks.

QR codes are widely adopted by businesses to facilitate payment. In a classic use case, a business provides customers with a QR code directing them to a site where they can make a payment.

Cybercriminals Tampering with QR Codes to Steal Victim Funds
Once you scan the code, check that the URL is legitimate.

Cybercriminals replace a legitimate QR code with a fraudulent one and steal the sender’s money by duping the people who scan it. Unsuspecting individuals who scan the tampered code are taken to deceptive websites designed to steal login and financial information. These malicious websites may also spread malware to the victims’ computers or redirect payments to accounts under the criminals’ control.

“Cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use. Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information... While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code.”

FBI public service announcement

How can you protect yourself?

  • When you scan a QR code, double-check the URL to verify that it is the correct site and appears genuine. A fraudulent domain name may be similar to the desired URL but with typos or a missing letter.
  • Ensure that the QR code being scanned has not been tampered with. Cybercriminals use tactics such as placing a sticker on top of it.
  • Do not download an app from a QR code. For a safer download, use your phone’s app store.
  • If a company you have just made a purchase from emails you to say that the payment failed and that you must use a QR code, contact the company to double-check. Instead of calling a number provided in the email, look up the business’s phone number on a respected site.
  • Do not download a QR code scanner app. A QR code scanner application increases the possibility that malware will be downloaded to your device. The camera app on most phones includes a built-in scanner.
  • If you come upon a QR code that appears to be from someone you know, contact them using their known phone number or address. Make sure the code and the resulting URL are genuine.
  • Manually enter a known and trusted URL to complete the payment.
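
The URL check from the first tip can be automated wherever decoded QR links pass through software, such as a mail filter or a kiosk. The sketch below is an added example, not part of the FBI announcement: it compares the decoded host against an allowlist and flags near misses (a typo or missing letter). It also goes slightly beyond the tip by flagging the real name used as a prefix of another domain. The allowlist, the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): hosts the business really takes payment on.
TRUSTED_HOSTS = {"example.com", "pay.example.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_qr_url(url: str, trusted=TRUSTED_HOSTS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<host>', 'unknown' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    # Payment pages should be HTTPS; "user@host" URLs hide the real host.
    if parts.scheme != "https" or not host or "@" in parts.netloc:
        return "invalid"
    if host in trusted:
        return "trusted"
    for good in sorted(trusted):
        # A typo or missing letter leaves the host a few edits from the real one.
        if edit_distance(host, good) <= max_distance:
            return f"lookalike:{good}"
        # The real name used as a prefix of someone else's domain.
        if host.startswith(good + "."):
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, as a phone camera would decode them from a QR code.
    for sample in ("https://pay.example.com/invoice/123",
                   "https://pay.exmple.com/invoice/123",
                   "https://examp1e.com/pay",
                   "https://pay.example.com.billing.test/",
                   "https://unrelated-shop.test/"):
        print(f"{classify_qr_url(sample):28} {sample}")
```

An "unknown" result is not a clean bill of health; it only means the host is not close to anything on the allowlist.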