FBI warns of malicious QR codes

Vawter Financial

Quick Response codes, better known as QR codes, are a convenient way for businesses to get you to visit their websites, download their apps or make payments. But the FBI is warning that bad actors can manipulate these codes to steal your money or personal information.

"Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes," the FBI said in a statement Tuesday. "A victim scans what they think to be a legitimate code, but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts."

The FBI also said fake QR codes can be used to embed malware onto a victim's phone, giving a scam artist access to the device and potentially any information on it, including financial information. The Bureau said if you become a victim, there is no guarantee law enforcement can get lost funds back to you.

Here are some tips from the FBI on how to protect yourself from being taken advantage of.

  • If a QR code is sent to you electronically, either by a business or a friend, don't assume it's safe. Directly contact whoever you believe sent it to you, through a trusted phone number or email address, and confirm it's legitimate. If a business or organization sent it, look up their phone number on a trusted website rather than calling the number the sender gave you.
  • Do not download a QR code scanner app since it could be malicious. Most phones already have a scanner on them.
  • Do not download an app from a QR code. Go to the app store and look it up.
  • If you scan a QR code, make sure it takes you to the address of the site you intended to go to and that it looks authentic. Hackers may use a URL that looks legitimate but may have a typo or misplaced letter.
  • If you're scanning a physical QR code, such as one on a flyer or poster, be sure it has not been manipulated, such as with a sticker placed on top of the real code.
  • Be cautious before inputting personal or financial information, no matter where you go online. And don't make payments to a site you accessed via a QR code. Manually enter a trusted URL instead.

Also, since it is tax time, it's a good reminder that the IRS says it does not initiate contact with taxpayers -- whether by text message, email or social media -- to seek personal or financial information.


Source: https://www.abc10.com/article/news/nation-world/malicious-qr-code-warning-fbi/507-5820fe19-5e4a-44e7-8c71-ddf2034c530e
