Online security warning

FBI Warns Against QR Code Phishing

The Federal Bureau of Investigation is warning individuals about malicious quick response codes that cybercriminals are using to steal victims’ login and financial credentials.

According to the notice posted on the Internet Crime Complaint Center, bad actors would replace original digital and physical QR codes with tampered ones that would take unknowing users to phishing sites.

The code may also contain malware that would grant hackers access to victims’ devices and steal various kinds of information. Hackers can use financial information and other data to steal money or impersonate the victim, according to the notice posted on IC3.

QR codes are used by businesses and other organizations to provide a contactless way to secure payment or execute other business needs during COVID-19. The technology works when customers use their smartphones to scan the code. Once customers scan the code, they will be redirected to a secure website where they can either pay or fill in the needed information. The cybercriminals would then create a spoofed QR code that will redirect victims to a spoofed website that looks identical to an official domain.

The FBI urges users to ensure that the URL is authentic and matches the one that the business or organization intends to use. Users must check the URL if the website is spelled properly because hackers will misplace a letter to fool victims into thinking that the website is legitimate. Users should also check if physical QR codes are not superimposed. Other safety tips include not downloading apps through QR codes and being cautious about emails warning users about failed payments.