According to the FBI, cybercriminals are currently using malicious QR Codes to steal victims’ financial and personal data. These QR Codes redirect users to fake sites on which they are invited to enter their bank details.
Over the past several years, scanning a QR Code has become a habit for many users. Whether it’s to quickly download an application, access a website or consult a restaurant menu, there are QR Codes everywhere. Of course, crooks and cybercriminals have quickly hijacked this technology to develop a wide variety of scams.
Examples abound, such as the thieves who placed fake QR Codes on parking meters in the United States to collect parking money, or an elaborate phishing campaign with fake QR Codes that affected customers of two major German banks.
This Monday, January 24, 2021, the FBI alerted users to a new phishing campaign that exploits malicious QR Codes. The warning was issued as a PSA (Public Service Announcement) on the FBI Crime Complaint Center website.
A QR Code to redirect to a fake website
“Cybercriminals tamper with QR Codes to redirect victims to malicious sites that steal their credentials and financial information,” says the US federal agency. According to “the Bureau”, scammers modify legitimate QR Codes used by companies for payment purposes to redirect potential victims to malicious websites designed on their devices or divert their payments to accounts under the scammers’ control.
The procedure is simple: the victim scans the QR Code and lands on a fake payment site (imitating a service, a company or an institution the user deals with) on which he is invited to enter his financial and personal information, and the trap closes. The hackers just have to collect his data and use it to access the target’s bank account, for example.
“Although QR Codes are not inherently malicious, it is important to exercise caution when entering financial information or making a payment on a site accessed through a QR Code. Law enforcement cannot guarantee the recovery of lost funds after the transfer,” the FBI reminds users. The agency advises against installing apps via QR Codes or installing third-party QR Code scanners, and recommends using the scanner that is natively installed on your smartphone instead.
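For a business that prints payment QR Codes, the tampering described above can be caught by checking what a deployed code actually decodes to. The following is an added example, not part of the FBI notice or the original article; the host names, the `EXPECTED_HOSTS` allowlist and the sample payloads are constructed assumptions, and the payload is assumed to have been decoded by a scanner already.

```python
from urllib.parse import urlsplit

# Assumption: the hosts the business really uses for payment (constructed value).
EXPECTED_HOSTS = {"pay.example-parking.test"}

def check_qr_payload(payload, expected_hosts=EXPECTED_HOSTS):
    """Return the reasons a decoded QR payload should not be trusted ([] = ok)."""
    try:
        parts = urlsplit(payload.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["payload is not a parseable URL"]
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("scheme is not https")
    if parts.username is not None or parts.password is not None:
        findings.append("URL carries userinfo before the host")
    if port not in (None, 443):
        findings.append("non-standard port")
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        findings.append("internationalised host name (possible look-alike)")
    if host not in expected_hosts:
        findings.append("host is not an expected payment host")
    return findings

# Constructed payloads, as a scanner would return them after decoding.
SAMPLES = [
    "https://pay.example-parking.test/meter/1042",
    "http://pay.example-parking.test/meter/1042",
    "https://pay.example-parking.test@pay-parking.example.net/meter/1042",
    "https://p\u0430y.example-parking.test/meter/1042",  # Cyrillic 'a'
]

def audit(samples=SAMPLES):
    """Map each payload to its findings."""
    return {s: check_qr_payload(s) for s in samples}

if __name__ == "__main__":
    for payload, findings in audit().items():
        print("OK  " if not findings else "FLAG", ascii(payload), findings)
```

Any non-empty result on a code that is supposed to point at the business's own payment page is a reason to inspect the physical code for an overlay or replacement.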
Source: Bleeping Computer