FBI warns against theft of passwords via QR code

top cybersecurity companies

Cyber ​​criminals also target financial data. They take advantage of the fact that QR codes are being used more and more frequently for contactless information exchange during the corona pandemic.

Scammers are taking advantage of the growing popularity of QR codes by manipulating the pixelated barcodes and redirecting victims to websites that steal logins and financial information, the FBI said in a recent security alert.

“Businesses are legitimately using QR codes to provide convenient contactless access, and they have become increasingly popular during the COVID-19 pandemic. However, cybercriminals exploit this technology by directing QR code scans to malicious websites to steal victims’ data, embed malware to gain access to the victim’s device, and redirect payments for cybercriminal purposes,” writes the US -Federal Police.

While no recent examples of QR scams are given, QR codes were used in phishing emails in October to obtain credentials for Microsoft 365 to steal. The QR codes were useful to the attackers because the barcode images bypassed email filters that use URL scanners to block malicious links.

The FBI also said in October that it had recently received increased reports of malicious QR codes being used, particularly in cryptocurrency scams. “Crypto transactions are often made through QR codes associated with crypto accounts, making these transactions an easy target,” according to the FBI. “Don’t scan a randomly found QR code.”

FBI tips for smartphone users include: Check the URL after scanning a QR code, as the URL may look like the legitimate website; be careful when entering login credentials or financial information on a website accessed via a QR code; avoid downloading an app from a QR code and use an official app store instead. Don’t download a QR code scanner either, most phones have one built into the camera app or browser.

Leave a Reply

Your email address will not be published.