The FBI has issued a warning against malicious quick response (QR) code, with cyber criminals tampering with them to redirect victims to malicious websites that steal login and financial information.
QR codes, which are scanned by smartphone cameras and can provide access to a website, a download of a direct payment, have become increasingly popular over the past few years.
However, the FBI has cautioned that cybercriminals are using these codes to send people to malicious websites so they can steal data, embed malware on a device or redirect a payment.
Criminals can tamper with digital and physical codes. A user scans what they believe is a legitimate code but sends them to a malicious website that asks for login and financial details. Certain instances involve malware being downloaded, which can give a criminal access to a victim’s device and location.
In terms of payment QR codes, criminals can tamper with a code, so the money is intercepted and sent to a different account.
The FBI added that law enforcement cannot guarantee the recovery of lost funds after transfer.
It also offered advice for people to better protect themselves. The first is to check the URL of a website they are taken to looks authentic. The URL might look similar, but there will be typos of misplaced letters.
People should also check to see if a code has been tampered with, such as a sticker placed over an original code. Also, people should not make payments on a site they reached through a QR code, instead manually go to the website.
The FBI also explained if an email is received that says a payment failed and a QR code can be used instead, phone the company up via a trusted number to verify everything.
Other advice includes practicing caution when entering sensitive data, do not download an app through the code but use the phone’s app store, and do not download a QR code scanner app.
Finally, it said if you receive a code from someone you know, ask them to verify they sent it.
Copyright © 2018 RegTech Analyst