“Cybercriminals are Tampering with QR Codes to Redirect Victims”, FBI Warns

  • Richard Marley
  • January 24, 2022

The Federal Bureau of Investigation (FBI) has issued a warning about malicious QR codes that criminals are using to scam Americans.

The warning was issued as a public service announcement (PSA) published on the FBI’s Internet Crime Complaint Center (IC3) earlier this week. The FBI warned Americans that cybercriminals are using malicious Quick Response (QR) codes to steal victims’ personal and financial credentials.

The law enforcement agency stated that the perpetrators are replacing legitimate QR codes that businesses use for payment gateways with malicious ones, redirecting victims to bogus websites designed to steal Personally Identifiable Information (PII) along with financial credentials. Furthermore, malware is then installed on their devices, or payments are diverted to criminals’ accounts.

“Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information,” the federal law enforcement agency said.

After victims scan codes that appear legitimate, they are directed to the criminals’ phishing websites, where they are prompted to provide their financial credentials. Once the financial information is entered, the cybercriminals gain access to PII and use it to steal funds through hijacked bank accounts.

“While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code,” the FBI added. “Law enforcement cannot guarantee the recovery of lost funds after transfer.”

The FBI advised the public to check the URL they are sent to after scanning a QR code, always verify a site before providing any kind of information, and make sure that physical QR codes have not been replaced with malicious ones. When making payments, always enter the URL by hand instead of scanning a QR code that could be set up to redirect to a phishing site. In addition, people should avoid installing applications from QR codes and instead use the apps that come with the smartphone’s operating system.
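The URL check described above can also be automated by a business auditing its own printed payment codes. The following is an added example, not code from the FBI PSA or the original article: it takes the string decoded from a QR code and lists reasons it should not be trusted. `EXPECTED_HOSTS` and the sample URLs are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the business knows which host(s) its genuine payment codes point to.
EXPECTED_HOSTS = {"pay.example.com"}  # constructed placeholder


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_qr_url(payload: str, expected_hosts=EXPECTED_HOSTS) -> list[str]:
    """Return reasons a decoded QR payload is suspicious (empty list = matches)."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["payload is not a parseable URL"]
    host = (parts.hostname or "").rstrip(".").lower()
    findings = []
    if parts.scheme.lower() != "https":
        findings.append(f"scheme is {parts.scheme or 'missing'!r}, not https")
    if parts.username or parts.password:
        findings.append("userinfo before '@' hides the real host")
    if not host:
        return findings + ["no host in payload"]
    if _is_ip(host):
        findings.append("host is a raw IP address")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible look-alike domain)")
    if host not in expected_hosts:
        findings.append(f"host {host!r} is not an expected payment host")
        if any(e in host for e in expected_hosts):
            findings.append("expected name embedded in a different domain")
    return findings


if __name__ == "__main__":
    # Constructed sample payloads, as decoded from scanned codes.
    for url in ("https://pay.example.com/invoice/123",
                "http://203.0.113.7/pay",
                "https://pay.example.com@phish.test/login",
                "https://pay.example.com.secure-login.test/"):
        print(url, "->", check_qr_url(url) or "OK")
```

An empty result only means the payload matches the expected host over HTTPS; a code that fails any check should be treated as replaced and removed from display.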

Similarly, the FBI issued another PSA about QR code risks in November 2021, alerting Americans to emerging fraud schemes in which criminals use malicious QR codes and cryptocurrency ATMs to hinder efforts to recover financial losses. For example, in a recent phishing attack targeting German e-banking customers, criminals used QR codes instead of buttons in spam emails to make their activity impossible for the bank’s cybersecurity systems to detect and to seamlessly redirect victims to phishing websites. Unfortunately, customers were redirected to the malicious landing pages and ended up providing personal and financial information.
