QR Codes Are Being Used By Hackers To Scam Users


QR Codes Have Been Used by Hackers

QR codes with their square barcode regained their popularity when the pandemic began because consumers found them easy to use and businesses did not have to worry about contamination from contact. Along with the rise of QR codes has come with the rise of hackers using them to get past traditional security services. Some can also contain malicious links embedded with malware so cybercriminals can easily obtain your data such as credit card information or social security number.

On Tuesday, the FBI issued the alert, warning that cybercriminals have been targeting both physical and digital QR codes. The tactic is basically a spin-off of phishing scams, in which hackers use fake emails and messages from legitimate companies to trick victims into giving up their password or downloading malware. The culprits are now pasting their phishing scams on top of legitimate QR codes, including those found on parking meters. 

QR phishing attacks are on the rise because they require so little effort to be successful. For one, the codes are physical displays, meaning a harmless one can easily be covered with a nefarious one that brings users to a malicious website. This makes it easy for cybercriminals to “display” the legitimate site that steals login credentials or installs malware.

The FBI added that QR codes “are not malicious in nature.” The technology is really just a barcode; once scanned, it will decode into a URL your smartphone can visit with a single tap. It’s that URL that could lead you to a phishing website or malware posing as an app. 

The FBI issued the following tips on what to watch for and when you should avoid scanning QR codes altogether:

  • Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.

  • Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.

  • If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.

  • Do not download an app from a QR code. Use your phone’s app store for a safer download.

  • If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.

  • Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.

  • If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.

  • Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.

It's a good practice not to download anything from a QR code scan. Be skeptical and don't share sensitive information unless you are sure it's legitimate. A sticker or flier on a light pole should be sounding an alarm in your head. If someone is requesting a payment, on a parking ticket for example, you can trust that there are going to be multiple methods for someone to pay.

For more agent tips and resources, login to myAdmin today!

Popular posts from this blog

Oscar Health 2022 Bonus Program

Bright HealthCare 2022 Early Bonus Blitz Program

HealthSherpa: Multiple Enrollment Groups (Split Policies)