The FBI issued a new warning that cybercriminals tamper with Quick Response (QR) codes to steal sensitive information from unsuspecting users. The primary data targeted by these cybercriminals are financial and personal information.
A QR code is a technology that helps people quickly scan with their phone to download apps, make payments, and do other activities. The FBI is warning that scammers are now using the opportunity to steal the information of people through the use of fake QR codes. The use of QR codes gained more prominence during and after the Covid-19 pandemic. Since then, more services, such as restaurants and parking lots, are now using QR codes for payment.
"Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use," the FBI warned the general public.
The FBI warning came shortly after the Massachusetts State Police issued a warning that a fake QR code in parking lots can make an individual sell out their data without knowing about it. The police said cybercriminals now install physical and digital QR codes to redirect people to fraudulent sites.
In most cases, victims would input their passwords and other important data. The FBI first sounded the alarm about the high rate of Fake QR codes in 2022, but it seems it is only increasing. More reports are pouring in of how people were defrauded after scanning a QR code.
Most QR Code Scams Happen at Restaurants and Parking Lots
Carrie Kerskie, president of Kerskie Group in Naples, Florida, told Local ABC 7 that one of the major QR code scams are in parking lots. Most cybercriminals physically go to the parking lots and then install fake QR codes there. Those coming to use the parking lots think it is a real QR code and end up falling for a scam. These QR codes mostly come with malware that immediately scans and collects data from the person's phone.
Mashable Technology Journalist Matt Binder explained how stealing data with QR codes works with parking lots.
"The worst-case scenario is when you input your information to pay, and you're not actually paying, you're just sending over your credit card information or banking account information to the scammers," he said.
To curb the increasing rate of scams involving QR codes, the FBI, while speaking with ABC 7, said people should treat QR codes with care. Not every QR code should be scanned, and people should always verify the authenticity of a QR code before scanning one. They added that people should treat QR codes like they do with unknown messages.
"If your phone downloads that malware, you're at the mercy of the scammers, they could hold your information for ransom. Or they could just shut your phone down. They could steal photographs that are on that phone. You have a lot of vulnerabilities, our cell phones and our lives right now. Treat QR codes like you treat suspicious phishing emails, or text messages from people you don't know," an FBI spokesperson said.