FBI warns of cyber-criminals using QR codes to steal information

HONOLULU (HawaiiNewsNow) – The FBI is warning people about cyber-criminals using QR codes to steal login information, credit card and bank account numbers and other personal information.

QR codes are literally everywhere. These “Quick Response Codes” are handy when a business wants you to visit their website without needing to enter the URL in a browser. You see them on restaurant menus, doors, and windows of businesses, business cards, placards and posters and at ticket counters. In recent months, many restaurants have replaced their hand-held printed menus with QR codes. They’re obviously here to stay. Since they are being used by businesses and consumers, the FBI says cyber criminals have begun placing QR codes that lead consumers to malicious websites.

The bureau explains how cyber criminals use the QR codes like this:

The QR code is created using any QR code generator that can be found on the internet and smartphone apps. These codes can launch programs on the smartphone once the victim scans the code and taps the address bar that shows up on the screen. The QR code can lead to websites, payment portals, download music, and images onto the phone, and request payment to a crypto currency vault.

The victim may believe they’re downloading a restaurant menu but download a malicious program instead. Some restaurants allow customers to pay for their meal using a QR code scan that requests payment information from the customer’s bank or credit card account.

Malicious QR codes, according to the FBI, can also allow the criminals access to the victim’s mobile device to steal their location, financial, and personal information. Pretty scary stuff.

The FBI also warns that cyber criminals are known to print their malicious code onto stickers and place those stickers over the QR code posted by the restaurant. It may look authentic unless you peel back the corner of the sticker to reveal the genuine code.

In its release, the FBI offers tips to consumers to protect themselves:

• Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. This is actually difficult to do because malicious links may only be a few letters that don’t reveal enough information to decipher whether they’re authentic or not.
• Practice caution when entering login, personal, or financial information on a site navigated to from a QR code.
• Do not download an app from a QR code. Instead, download the businesses app from the official app store.
• If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify.
• Do not download a QR code scanning app. Most phones have a built-in scanner with the camera app.
• If you receive a QR code that you believe to be from someone you know, reach out to them through a known number to verify that the code is from them.
• Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete payment.

The FBI asks if you believe you’ve been the victim of stolen funds from a tampered QR code, report the fraud to your local FBI field office at www.fbi.gov/contact-us/field-offices, and report any suspicious activities to the FBI Internet Crime Complaint Center at www.ic3.gov

Copyright 2022 Hawaii News Now. All rights reserved.