FBI Warns of Cybercriminals Tampering with QR Codes in Order to Steal Funds

Colin Thierry Colin Thierry

The FBI issued a warning last week that detailed how cybercriminals are tampering with QR codes in order to redirect victims to malicious sites that steal login and financial information.

Throughout the COVID-19 pandemic, businesses have used QR codes more frequently in order to provide convenient contactless access to customers. However, cybercriminals have taken advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device and redirecting payment for cybercriminal use, according to the FBI warning.

Cybercriminals target both digital and physical QR codes in order to replace legitimate codes with malicious ones. A victim scans what they believe to be a legitimate QR code, but the tampered code directs victims to a malicious site, prompting them to enter login and financial information. Access to this information thus gives cybercriminals the ability to potentially steal funds through victims’ accounts.

Additionally, malicious QR codes may contain embedded malware, which would allow a hacker to gain access to the victim’s location through their mobile device, along with personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

Since businesses and individuals sometimes use QR codes to facilitate payments by providing customers with a QR code directing them to a site where they can make a payment, these codes can also be put at risk by hackers. A cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use, according to the FBI.

“While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code,” the FBI said. “Law enforcement cannot guarantee the recovery of lost funds after transfer.”

The FBI also provided steps that users could take to better protect themselves from cybercriminals stealing their login and financial information through these malicious QR codes.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.