QR code phishing and FBI Warning

Quick response codes, also called QR codes, have exploded in popularity during the pandemic. Many restaurants and shops started using the contactless tool to let people look at menus and other – normal printed materials – on their phones. The FBI recently issued a warning that cybercriminals are using QR codes to redirect unsuspecting users to malicious sites that can steal their information.


QR Codes Exploded During the Pandemic

The square bar codes have popped up on table tents at many local restaurants to let users view their menus online, but you’ve probably seen them on ads, in shops, on mail pieces, and even on computer screens, to quickly link you to the information you’re looking for. Cybercriminals are taking advantage of the technology by replacing the QR codes with codes that unknowingly take the victim to a malicious site. For example, police recently found stickers with malicious QR codes placed on parking meters in Houston, San Antonio and Austin, Texas. In these cases, the QR code directed the user to a website that appeared to let them pay for parking using their phone. What they didn’t know, is that the site was collecting their personal and credit card information.

Not all QR Codes are Bad

QR codes aren’t normally malicious. It’s really just a barcoded link that lets the person scan and click rather than having to type in a full web address. However, like phishing emails, the link can look legitimate, but actually take the victim to a website that is meant to trick them into entering in their password or payment information, or even into downloading malware.

How to Avoid Falling for QR Code Scams

The FBI is urging people to double-check the web address that pops up after you scan the code, to make sure it looks like the intended destination… but watch out for URLs that look close to the real website, but actually have typos or misplaced letter in them. The FBI also says that you should be particularly cautious if the QR code is on a sticker that’s placed on top of the original code. Also, never download an app from a QR code. It’s best to use your phone’s app store to be sure that it’s legitimate.

Safely Getting to the Information

If you’re not sure about a link from a QR code, enter a trusted URL into your browser and navigate to the appropriate information.

Cybercriminals are always trying to take advantage of new behaviors and new technology to try and steal personal and financial information. Be sure to share this information, as well as how you can protect your cell phone from attacks, with your friends and relatives to let them know about these new cyber dangers and to help them avoid becoming a victim.

Leave a Reply