QR codes are becoming increasingly popular in all areas of life, and while they are not particularly harmful, the Federal Bureau of Investigation is concerned about how easily thieves may counterfeit them.
Since the outbreak, the use of so-called quick response codes, or QR codes, has grown in popularity.
Many tasks can be done contactlessly with this technology, including paying for products and services, reading a restaurant’s menu, presenting documents and COVID-certificates, confirming the legitimacy of various types of tickets, and renting automobiles.
It’s unsurprising that scammers haven’t paid any attention to this issue.
QR codes (Quick Response Codes) are a type of matrix, or two-dimensional, bar code that was first designed for the car industry in Japan. Denso, a Toyota company, owns the trademark for the word.
A special machine reads a barcode – an optical label containing data about an object attached to it. Invented in the mid-1990s, the technology has become popular far beyond the automotive industry due to its fast readability and higher capacity than the UPC standard barcodes we are used to in store merchandise.
On a white screen, the QR code appears as a jumble of black squares arranged in a square grid. The relevant data is extracted from the code after it is read using a smartphone camera or specific programs, presenting the user with the necessary information.
This enables users to easily visit websites, download applications, or send money to a specified recipient. Companies are using QR codes lawfully to enable convenient contactless access, which has become particularly important during the pandemic. They’re widely utilized in retail, e-commerce, bill payments, and other built-in mobile payment systems.
FBI warning
According to the Federal Bureau of Investigation cybercriminals are impersonating QR codes.
Fraudsters use this technology to steal the victim’s personal and financial information, install malware on the device to get access to it, and transmit money to the scammers’ accounts.
According to the FBI, cybercriminals falsify both digital and physical QR codes. The victim scans a picture they believe is legitimate, but the bogus code takes them to a malicious website that asks for login and financial information. Scammers who have access to this information can use it to pull money from the victim’s accounts.
Fake QR codes can also contain a link to harmful software that allows the criminal to gain access to the victim’s mobile device, track their position, and steal personal and financial information.
QR codes are increasingly being used by businesses and people to make payments. After scanning such a code, the client is directed to a website where he can complete a financial transaction in a matter of seconds. Cybercriminals obtain the client’s money by faking the code and providing their details for payment.
How you can protect yourself
QR codes aren’t dangerous in and of themselves, but it’s crucial to be cautious when entering financial information or purchasing through a site that can be accessed using one. According to the FBI, law enforcement organizations cannot guarantee the return of missing funds after the transfer.
The Federal Bureau of Investigation recommends the following measures to protect yourself:
- After scanning the QR code, check the URL and make sure it’s the right site and looks authentic. The malicious domain name can be similar to the original URL, but with typos or extra letters.
- Exercise caution when entering login, personal or financial information from a site that you have accessed using a QR code.
- When scanning a physical QR code, make sure that the code has not been tampered with, for example by using a sticker placed over the original code.
- Do not download applications by QR code, but use your smartphone’s application store for more secure downloads.
- If you receive an email from a company you recently made a purchase from that your payment failed and you can only complete it using a QR code, call the company back and clarify this information. That being said, it is important to find the phone through the original site, and not call the number listed in the email.
- Do not download a separate application for scanning QR codes. This increases the risk of downloading malware to the device. Most smartphones have a built-in scanner through the camera app.
- If you receive a QR code that you think belongs to someone you know, contact them at the known number or address to verify that the code belongs to them.
- Avoid making payments through the site you went to using the QR code. Instead, manually enter a known and trusted URL to complete the payment.
Earlier this month, Texas police revealed that bogus QR code stickers allegedly capable of paying for parking were discovered in more than two dozen parking spots in Austin.
Scammers target users of ad sites on a regular basis. Such services normally keep an eye on security and can block questionable messages while allowing images to pass through. In this example, the attackers encrypt links to phishing sites in a QR code and send it to the victim, who then enters their banking information.
When you scan a QR code, you have no idea where you’re going to go. You could very well be taken to a malicious site that might try to install a virus on your phone, said Matthew Green, assistant professor of computer science at Johns Hopkins University in Baltimore, state of Maryland.
In the backdrop of the growing popularity of individual urban transportation such as scooters and bicycles, China’s example is instructive. You must scan the QR code and make a payment to hire a bike. Scammers in China put false codes on top of the actual ones, causing consumers’ money to be rerouted to the attackers.
The main problem is that it is impossible to visually distinguish a fake QR code. Back in 2017, it was reported at the National People’s Congress in Beijing that more than 23 percent of Trojans and viruses are transmitted via QR codes. The process of creating QR codes is so simple that fraudsters can easily inject malware and viruses into them.
In March 2014, the People’s Bank of China introduced a ban on QR code payments, but canceled it two years later. QR code is a really simple and convenient payment method, which is why its popularity is steadily growing. However, regulators and payment service providers must now do their best to prevent fraud. And the task of users is to be on the alert and not to forget about the possible danger.
Image Credit: Getty
You were reading: FBI warns of dangerous QR code fraud spreading in the US