QR codes (Quick Response Code) are here to stay. We usually find them in different situations and with different objectives. It is enough to scan them with our mobile to access information, web, multimedia content or a restaurant menu. Now the FBI puts them in the spotlight and warns us of the dangers that QR codes hide.
The Federal Bureau of Investigation (FBI) warns that cybercriminals are using QR codes in order to steal personal data, credentials and financial information . “Cybercriminals are manipulating QR codes to redirect victims to malicious sites that steal financial and login information,” the federal law enforcement agency said.
They steal money by manipulating QR codes
The FBI notes that cybercriminals are modifying the QR codes used by companies for payment purposes to redirect potential victims to malicious websites with the aim of stealing personal and financial information. They do this by installing malware on the victim’s device or by diverting payments to accounts under their control.
When the victim scans the QR code with their mobile, they are redirected to the attackers’ website where they are asked to enter their bank details and login credentials. Once the victim enters such data, the cybercriminals already have access to their bank account and can carry out all kinds of operations with it.
“While QR codes are not malicious in nature, it is important to exercise caution when entering financial information, as well as making payments through a site navigated to via a QR code,” the FBI added. “The police cannot guarantee the recovery of lost funds after the transfer.”
Tips when scanning a QR code
The FBI advises Americans to pay attention to the URL they receive after scanning a QR code and to be very careful if they are asked to enter their personal or banking information on that website.
It is advisable to avoid installing apps via QR codes or installing apps that scan QR codes. It is better to use the one with the operating system of our smartphone.
In addition, cybercriminals are also using QR codes instead of buttons or links in spam emails to make attacks more difficult for security software to detect and successfully and unsuspiciously redirect their victims to websites. malicious. The victims who fell for the scam were asked for both the location of the bank and the username and password to access the account.