The US residents were cautioned by the Federal Bureau of Investigation (FBI) this week that cybercriminals are using malicious Quick Response (QR) codes for stealing their financial information and credentials.
The warning was issued as a public service announcement (PSA) and was posted on the FBI’s Internet Crime Complaint Center (IC3) earlier this week.
The agency said:
“Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information,”
FBI declared that malicious actors are changing legitimate QR codes utilized for payment intentions by organizations to redirect target victims to malicious sites developed to shift payments to their accounts, steal monetary and private information, and install viruses and malware on victims’ devices.
Once the targets scan the malicious codes, they are redirected to the phishing websites and are requested to insert their financial or personal information. The details are sent to cyberattackers who use it to steal money for the hijacked bank accounts as soon as it’s entered.
The FBI declared:
“While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code.”
“Law enforcement cannot guarantee the recovery of lost funds after transfer.”
FBI Advised Americans Regarding Scanning QR Codes
The Federal Bureau of Investigation (FBI) urged Americans to:
- Always check the URL they’ve obtained after scanning the QR codes.
- Be careful while entering personal data on platforms after you have scanned the code.
- Ensure that the physical QR codes haven’t been covered by the malicious ones.
- Avoid installing applications and code scanners through the QR codes.
- Instead of scanning, manually type all URLs while making payments, so it doesn’t lead to a malicious site.
FBI issued another public service announcement in November on the risks of QR codes that alerted Americans that multiple fraud scheme victims are requested to use QR codes and crypto ATMs to restrain all efforts of retrieving their financial losses.
The recent phishing scams have confirmed that cybercriminals are actively using QR codes which makes these attacks pass through security software undetected and successfully redirect their victims to phishing websites where they are instructed to enter the location of their banks, PINs, usernames, codes, etc.
Protect Yourself Against Phishing Attacks
To avoid cyberattacks like these, the first thing you need to do is to know how you can recognize phishing attacks.
Then, here are the following things you can do to protect yourself from these attacks:
- Use an updated browser
- Install an antivirus software
- Avoid suspicious emails
- Check all your accounts from time to time
The future of phishing attacks seems quite dangerous with the rise in cyberattacks each year. Therefore, it’s better to take all kinds of preventive measures than be sorry later.
