The FBI issued a warning last week that detailed how cybercriminals are tampering with QR codes in order to redirect victims to malicious sites that steal login and financial information.
Throughout the COVID-19 pandemic, businesses have used QR codes more frequently in order to provide convenient contactless access to customers. However, cybercriminals have taken advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device and redirecting payment for cybercriminal use, according to the FBI warning.
Cybercriminals target both digital and physical QR codes in order to replace legitimate codes with malicious ones. A victim scans what they believe to be a legitimate QR code, but the tampered code directs victims to a malicious site, prompting them to enter login and financial information. Access to this information thus gives cybercriminals the ability to potentially steal funds through victims’ accounts.
Additionally, malicious QR codes may contain embedded malware, which would allow a hacker to gain access to the victim’s location through their mobile device, along with personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.
Since businesses and individuals sometimes use QR codes to facilitate payments by providing customers with a QR code directing them to a site where they can make a payment, these codes can also be put at risk by hackers. A cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use, according to the FBI.
“While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code,” the FBI said. “Law enforcement cannot guarantee the recovery of lost funds after transfer.”
The FBI also provided steps that users could take to better protect themselves from cybercriminals stealing their login and financial information through these malicious QR codes.