NEW DELHI: The FBI warned this week that cybercriminals are attempting to steal financial information using QR codes, which restaurants and businesses have increasingly relied on during the coronavirus pandemic.
The scammers are utilising fake QR codes – bar codes that you scan on your phone to access a webpage – to lure visitors to dangerous websites in order to steal their data or hijack funds, according to an FBI public advisory.
A QR code is a square barcode that may be scanned and read with a smartphone camera to enable quick access to a website, trigger the download of an app, or direct money to a specific recipient. Cybercriminals are using this technology by routing QR code scans to malicious sites in order to steal victim data, inserting malware in order to obtain access to the victim’s device, and redirecting payment for cybercriminal purposes.
“People attempting to pay for parking using those QR codes may have been directed to a fraudulent website and submitted payment to a fraudulent vendor,” the Austin Police Department said when it announced an investigation.
Cybercriminals manipulate both digital and physical QR codes in order to substitute valid codes with malicious codes. When a victim scans what appears to be a legitimate code, the modified code takes them to a malicious site, prompting them to enter login and financial information. With access to this victim information, the cybercriminal might possibly steal funds from victim accounts.
Malicious QR codes may also contain embedded malware, granting criminal access to the victim’s mobile device and stealing the victim’s location as well as personal and financial information. The cybercriminal can use the stolen financial information to take money from the victim’s account.
Although QR codes in themselves are not malicious, the simplicity with which thieves can generate their own, false codes to deceive consumers is a cause for concern. The FBI advises users to carefully review the websites that QR codes point them to. The bureau also recommends individuals to download mobile apps via their phones’ app stores rather than QR codes.
TIPS TO PROTECT YOURSELF :
- Check the URL after scanning a QR code to ensure it is the intended site and appears to be genuine. A malicious domain name may resemble the desired URL but contain errors or a misspelt letter.
- When entering login, personal, or financial information on a site accessed using a QR code, be cautious.
- If you’re scanning a physical QR code, make sure it hasn’t been tampered with, for as by putting a sticker on top of the original code.
- A QR code should not be used to download an app. For a safer download, go to your phone’s app store.
- If you receive an email from a firm claiming that a payment failed and the company indicates that you can only complete the payment using a QR code, phone the company to verify. Instead of using the phone number supplied in the email, look up the company’s phone number on a reputable website.
- Downloading a QR code scanner app is not a good idea. This raises the likelihood of malware being downloaded onto your device. The camera app on most phones has a built-in scanner.
- If you receive a QR code that you think belongs to someone you know, contact them using a known phone number or address to confirm that the code belongs to them.
Payments should not be made using a website accessed via a QR code. To finish the payment, manually input a recognised and trusted URL.
Follow The420.in on