NORFOLK, Va. - Quick Response (QR) codes are everywhere these days because they're an easy, contactless way to read a menu or download an app.
While square barcodes can be convenient, they can also be dangerous.
According to the FBI, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data and embedding malware to gain access to the victim's device.
The agency is also warning that if you scan a code that's been tampered with and are taken to a dangerous site, you may be asked to enter login and financial information.
"Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts," the FBI said in a press release.
Avoiding these types of scams is easier said than done because criminals make the websites and QR codes look incredibly believable.
To protect yourself, Cassandra Temple with the Norfolk FBI Field Office said, "I just recommend taking that extra time before you click on a QR code. You know, check to see if it's been physically tampered with. Check to see if there's a sticker over the original QR code; check before you click 'OK' on that URL that it's spelled right - there's no typos and there's no extra letters in there."
FBI TIPS TO PROTECT YOURSELF:
- Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
- If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
- Do not download an app from a QR code. Use your phone's app store for a safer download.
- If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company's phone number through a trusted site rather than a number provided in the email.
- Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
- If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
- Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code.
If you believe you have been a victim of stolen funds from a tampered QR code, report the fraud to your local FBI field office here. The FBI also encourages victims to report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center at www.ic3.gov.
If you have a consumer tip or a story that you want the News 3 Problem Solvers to look into, we want to hear from you! Email us at firstname.lastname@example.org.