
FBI Alert: How a QR Code Can Steal Your Money

The Federal Bureau of Investigation warns of a classic scam that uses QR codes as a new way to lure potential victims into malicious websites.

A QR code (short for quick response code) is a type of matrix barcode (or two-dimensional barcode) invented in 1994 by the Japanese automotive company Denso Wave. It consists of black squares arranged in a grid on a white background and can be read by an imaging device such as the camera on your smartphone. But beware: the FBI is warning about a scam that uses these codes to steal money.

FBI Alert: Malicious QR

The Federal Bureau of Investigation has issued a warning about cybercriminals using malicious Quick Response (QR) codes to steal credentials, financial information and even your money if you fall for the scam. It is a classic scam that uses QR codes as a new way to lure potential victims.

According to the FBI, criminals are altering legitimate QR codes that businesses use for payments so that they redirect potential victims to malicious websites. Those sites aim to steal personal and financial information, install malware on victims' devices or divert payments to accounts under the criminals' control.

How does the QR scam work? After victims scan what look like legitimate codes, they are sent to the attackers' phishing sites, where they are asked to enter their login and financial information. Once entered, this information goes to the cybercriminals, who can use it to steal money through the hijacked bank accounts. It is a classic phishing scam, delivered through a QR code.

Caution when scanning a QR code

The FBI notes that “While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code. Law enforcement cannot guarantee the recovery of lost funds after transfer.”

The FBI advises following these tips:

  • Pay attention to the URL you are taken to after scanning a QR code.
  • Always be cautious when entering your data after scanning a QR code.
  • Make sure that physical QR codes have not been covered with other malicious ones.
  • Avoid installing applications via QR codes or installing QR code scanners (instead, use the one that comes with your phone's operating system).
  • Always enter URLs by hand when making payments instead of scanning a QR code that could be configured to redirect you to malicious sites.

Also with cryptocurrencies

Last November, the FBI issued another security advisory focused on the risks of QR codes, warning that criminals are increasingly asking victims of various scams to use QR codes and cryptocurrency ATMs to hinder efforts to recover their financial losses.

As a recent phishing campaign targeting German online banking users has shown, threat actors use QR codes instead of buttons in spam emails to make their attacks harder for security software to detect and to successfully redirect victims to phishing sites.

Victims successfully redirected to the phishing pages were asked to enter their bank location, code, usernames and PINs.