NORFOLK, Virginia – Quick Response (QR) codes are everywhere these days because they’re an easy, contactless way to read a menu or download an app.
Although square barcodes can be convenient, they can also be dangerous.
According to the FBI, cybercriminals take advantage of this technology by directing QR code scans to malicious sites to steal victims’ data and embedding malware to gain access to the victim’s device.
The agency also warns that if you scan a code that has been tampered with and taken to a dangerous side, you may be asked to enter login credentials and financial information.
“Cybercriminals forge digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think is a legitimate code, but the forged code directs victims to a malicious site, which prompts them to enter login information and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts,” the FBI said in a press release.
Avoiding these types of scams is easier said than done, as criminals make websites and QR codes incredibly believable.
To protect you, Cassandra Temple with Norfolk FBI Field Agent said, “I just recommend taking that extra time before clicking on a QR code. You know, check to see if it’s been physically tampered with. Check s ‘there is a sticker. on the original QR code, check before clicking OK on this URL that it is spelled correctly: there are no typos and there are no letters extras in it.”
FBI TIPS TO PROTECT YOURSELF:
- Once you’ve scanned a QR code, check the URL to make sure it’s the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- Use caution when entering login, personal, or financial information from a site accessible from a QR code.
- If you are scanning a physical QR code, make sure the code has not been tampered with, for example with a sticker placed above the original code.
- Don’t download an app from a QR code. Use your phone’s app store for safer downloading.
- If you receive an email saying that a payment has failed from a business you recently made a purchase from and the business says you can only make payment via a QR code, call the business to check. Locate the company’s phone number through a trusted site rather than a number provided in the email.
- Do not download a QR code scanner app. This increases your risk of downloading malware to your device. Most phones have a built-in scanner through the camera app.
- If you receive a QR code that you think is from someone you know, contact them via a known number or address to verify that the code is from them.
- Avoid making payments through a site accessible from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
Although QR codes are not malicious in nature, it is important to exercise caution when entering financial information as well as when paying through a site accessible via a QR code.
If you believe you have been the victim of funds stolen from a forged QR code, report the fraud to your local FBI office here. The FBI also encourages victims to report fraudulent or suspicious activity to the FBI Internet Crime Complaint Center at www.ic3.gov.
If you have a consumer tip or story you’d like the News 3 problem solvers to consider, we want to hear from you! Email us at [email protected]