Home News Crime FBI warns of QR code scams cybercriminals use to steal your money

FBI warns of QR code scams cybercriminals use to steal your money

8 min read

The Federal Bureau of Investigation (FBI) has issued a new warning to Americans that they should exercise caution when scanning QR codes with their smartphones because cybercriminals tamper with the codes to steal login and financial information.

A QR code—the square barcode that people can scan with their smartphone cameras—can provide quick and convenient access to a website or to a direct payment to an intended recipient.

Businesses use QR codes to provide contactless access to services, for instance, enabling access to restaurant menu items on a smartphone that can then be conveniently ordered.

However, the FBI said in an initial alert in late January that it discovered that cybercriminals were tampering with both the physical and digital QR codes to swap them for malicious codes that, when scanned, pose a risk to users.

“Unfortunately, they’re relatively widespread”, Assistant Section Chief of the FBI Cyber Division, Stephanie Walker, told ABC News on 16th February, with the agency reiterating its call for people to use caution when scanning QR codes.

Criminals use modified malicious QR codes to direct people to malicious sites to steal their data, break into victims’ devices by embedding malware on them, or redirect payments for immediate financial gain.

“What happens when you scan a QR code that isn’t the one you’re supposed to be scanning is that can give the criminal access to your phone, which then allows them access to any apps that you normally use.

“It can also drop some sort of computer intrusion type software that can alter your phone and steal credentials”, Walker said.

The FBI explained in its earlier alert that, after gaining access to a person’s credentials and other financial information, cybercriminals can use it to withdraw funds from victim accounts.“Law enforcement cannot guarantee the recovery of lost funds after transfer”, the FBI warned.

The FBI’s El Paso division said in September that the agency began receiving reports in 2022 that people were falling victim to QR code scams, with cryptocurrency frauds being an area of particular concern.

Because crypto transactions are often made through QR codes associated with crypto accounts, that makes such transactions “easy marks”, the FBI said at the time.

Scammers were found to be using malicious QR codes and gift cards as part of a single ploy.FBI’s El Paso division said: “Scammers may call and say they’re going to send a QR code to your phone so you can receive a free $100 gift card. In reality, the QR code may take you to a malicious website.“If you make a payment through a bad QR code, it’s difficult, if not impossible, to get those funds back”.

Protecting yourself

The FBI offered several tips to avoid becoming the victim of a QR code scam.

First of all, the agency says that people should ensure that the website address, or URL, that pops up when a QR is scanned appears legitimate and is the intended site. Malicious domains may mimic the intended URL but have slight alterations like typos or misplaced letters.

People are also urged to exercise caution when providing sensitive information after scanning a QR code, especially login or financial details.The FBI says that, when scanning a physical QR code, people should verify that the code hasn’t been tampered with, such as by adding a sticker on top.Also, the agency cautions against downloading apps directly from QR codes. Instead, the FBI says people should rely on their phone’s app store for safer downloads.

If prompted to complete a payment via QR code in an email claiming a failed transaction, people should contact the company directly to confirm the authenticity of the message, according to the FBI. They should also obtain the company’s contact details from a trusted source, not from the email containing the QR code.Further, people should avoid downloading QR code scanner apps to minimize the risk of malware. Most smartphones have built-in QR code scanning features in camera apps.In general, the FBI recommends that people avoid making payments through a site navigated from a QR code. Instead, manually entering a known and trusted URL to complete the payment is a safer option.

Tom Ozimek is a senior reporter for The Epoch Times. He has a broad background in journalism, deposit insurance, marketing and communications, and adult education.

Source: https://www.theepochtimes.com/

Load More Related Articles
Load More By Tom Ozimek
Load More In Crime

Leave a Reply

Your email address will not be published. Required fields are marked *