Photo: ISSOUF SANOGO / AFP / Getty Images
For: Luis Diaz Updated 20 Jan 2022, 9: 48 am EST
The FBI revealed that criminals manipulate QR codes to redirect victims to websites that steal financial information and login information of various accounts of all those people who make use of these technological options.
The QR code is a square bar figure that can be scanned and read by a smartphone camera, it gives access to a website, to request the download of an application and so direct the payment to an intended recipient.
According to the federal agency, cybercriminals are taking advantage of this technology by directing QR code scans to dubious sites to steal data from victims, embedding malware to gain access to the device and redirecting payment for use of the delinquents.
According to the FBI, cybercriminals manipulate digital and physical QR codes to replace legitimate codes with fake codes. A victim scans what they think is a legitimate code, but the code directs them to a fake site, which prompts them to enter financial information and login.
Access to this information the victim gives the criminal the ability to steal funds through user accounts.
Malicious QR codes can also contain embedded malware , allowing a criminal to gain access to a victim’s mobile device and steal the victim’s location, personal and financial information. The cybercriminal can take advantage of the stolen financial information to withdraw funds from the victims’ accounts.
Companies and individuals also generally use QR codes to facilitate payments. A business provides customers with a QR code that directs them to a site where they can complete a transaction.
But according to the FBI, a cybercriminal can replace the intended code with a tampered with QR code and redirect the sender’s payment for use by criminals without the user being aware.
The agency The federal government recommends that people using this type of technology be careful when entering financial information and providing payments through a site that is navigated to via a QR code. The police cannot guarantee the recovery of lost funds after the transference.
The FBI recommends the following when using a QR code:
1. Once you scan a QR code, check the URL to make sure it is the desired site and looks authentic. A malicious domain name can be similar to the intended URL, but with typos or a misplaced letter.
2. Be careful when entering login, personal or financial information from a site to which you navigated from a QR code.
3. If you scan a physical QR code, please make sure that the code has not been tampered with, for example, with a label placed on top of the original code.
You may also like: Facebook warns that 50,000 users were targeted by “cybermercenaries