FBI warns that criminals are using fake QR codes to scam users

Beware of what you scan. Criminals can watch.

Cybercriminals could use modified quick response (QR) codes to steal the personal and financial information of unsuspecting customers, the FBI warns.

QR codes are all around us these days, and they’re used for everything from restaurant orders to donations. During the pandemic, many restaurants started using QR codes instead of paper menus.

How it works: A code is scanned through a phone camera app, and the user is then redirected to the relevant website.

Problems can arise, according to the FBI, in cases where the codes have been changed. Unwitting users can be directed to malicious sites that prompt them to enter their financial and login information or expose them to malware.

“Although QR codes have been around for a very long time, certainly in recent years, they’ve been used more and more,” Dave Ring, section chief of the FBI’s cyber division told ABC News. “Part of that is due to the pandemic and the drive to be as contactless as possible, QR codes give people the option to just use their phone’s camera and scan a QR code.”

Police in San Antonio, Texas have warned that fake QR codes have been found on parking meters in the city. “People attempting to pay for parking…may have been directed to a fraudulent website and submitted payment to a fraudulent seller,” a tweet from the department said.

Ring said the San Antonio scam was “the perfect example” of people exploiting a simple daily exercise, and the FBI warned that criminals could take advantage of people through other similar tactics.

“A cybercriminal can replace a completely harmless, legitimate QR code with one that directs people to a malicious site, and that malicious site can trick someone into clicking a link and could potentially download malware onto their device,” said said Ring.

The redirect can also lead users to what appears to be a banking website but is actually fraudulent, he added.

“Malicious QR codes can also contain embedded malware, allowing a criminal to access a victim’s mobile device and steal the victim’s location as well as personal and financial information,” the bulletin reads. FBI. “The cybercriminal can exploit the stolen financial information to withdraw funds from victims’ accounts.”

To avoid any problems, the agency urges people to exercise caution when checking the code URL and entering financial and other personal information.

“Always exercise caution when considering entering login information, personal information or financial information when browsing from a QR code or any link that you are not sure where you are trying to go” , Ring said.

Comments are closed.