FBI warns hackers are using fake QR CODES to steal your information

Why you should ALWAYS ask for a physical menu: FBI warns hackers are planting fake QR CODES in restaurants that steal your data when you click the link

  •  Scammers are making fake QR codes to place on top of real ones 
  • This is letting them access smartphones and steal personal data
  • READ MORE:  QR codes should be SCRAPPED immediately, experts say

QR codes have become the new default for accessing restaurant menus across the US post-Covid — but scammers are seizing upon the new practice.

The FBI warns thieves are creating fake QR codes and planting them at eateries, retail shops and even parking meters.

Instead of taking you to an online menu or checkout, the links instantly download malware onto your device, stealing your location and personal information

The FBI has urged consumers to lookout for typos or misplaced letters in URLs accessed through QR codes and ask restaurants for a physical menu.

The FBI and experts are warning the public to beware of fake QR codes placed on top of real ones at restaurants, retail shops and parking meters

QR, which stands for ‘quick response’, codes are machine-readable codes made up of black and white squares that store URLs, payment options and other online services accessed by a smartphone camera.

They have been around since 1994 but made a huge comeback during the COVID pandemic to cater to the contactless society.

The FBI first sounded the alarm on QR scams in January 2022, but more reports are flowing in of people being duped by fake barcodes. 

Carrie Kerskie, president of Kerskie Group in Naples, Florida, told Local ABC 7 that another major QR scam is with parking meters.

The malicious QR codes can contain malware, allowing criminals to access devices that scan them and steal the user’s location and personal information

Fraudulent QR codes are being placed on the back of meters, leading people to assume that is how they pay to park

Fraudulent QR codes are being placed on the back of meters, leading people to assume that is how they pay to park.

READ MORE: ‘Massive and dangerous’ data breach sees more than 500,000 QR code check-in addresses published 

In total, 566,318 location details collected by the NSW Customer Services Department through its QR code system were made public through a government website. 

‘The criminals know that every single person in that parking lot is gonna be clicking on that QR code or taking a picture of it and they might make a website that looks very similar to the legitimate parking website..but it’s not,’ Kerskie said.

A report from Marcum, a New York-based accounting and advisory service, shows that QR code scams are among the top five cybersecurity threats observed in April.

The group highlights scammers are using fake codes to carry out phishing scams in emails and social media messages.

‘Scammers might also approach you through an online marketplace claiming they are trying to purchase goods that you are selling and ask you to scan a QR code,’ according to Marcum.

‘Avoid making payments from a website accessed via a QR code. To make the payment, manually input a recognized and trustworthy website.’

Another area seeing fake QR codes is in the cryptocurrency industry. 

‘Crypto transactions are often made through QR codes associated with crypto accounts… making these transactions easy marks,’ according to a press release from the FBI.

‘If you happen to scan a scammer’s bad code, you could end up giving him access to your device. 

‘He can access your contacts, download malware, or send you to a fake payment portal. 

‘Once there, you can inadvertently give him access to your banking and credit card accounts. If you make a payment through a bad QR code, it’s difficult if not impossible to get those funds back.’

Source: Read Full Article