FBI warns of QR code scam
Scammers are creating their own barcodes to swindle users out of data and cash
Quick Response barcodes (QR codes) have taken off in the pandemic, as an easy contactless way to pay for things in restaurants, stores and even parking, but the FBI has now warned that cybercriminals are using them to steal financial data.
Fraudsters are creating their own QR codes that a smartphone camera can scan to provide quick access to a website. These fake QR codes instead lead consumers to phoney websites or malicious sites that can seize payments and sensitive information.
There have been instances where cybercriminals have embedded “malware to gain access to the victim's device”, states an FBI public service announcement released on Tuesday.
Earlier this year, in Austin, Texas, more than two dozen fake QR code stickers were found on parking metres. QR codes are not currently a payment option provided by Austin Transportation.
Authorities are asking people to check if a website or payment site looks legitimate before they enter their sensitive information. “It is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code,” states the FBI. “Law enforcement cannot guarantee the recovery of lost funds after transfer.”
Fraudsters have been working overtime on various digital scams during the pandemic. “We have also seen fake websites, phishing emails that involved stimulus checks, price gouging, scammers impersonating government agencies like Medicare, and promoting fake vaccines. We have also seen an increase in romance scams during Covid-19,” said Vee Daniel, president and chief executive officer of the Better Business Bureau of upstate South Carolina to Congress last year.
The FBI has previously warned that children could be at more risk if they spend more time online during the pandemic. “Children who are home from school and spending more time online may be at increased risk for exploitation,” said the Bureau, but it reiterates that “anyone can be targeted by hackers and scammers ... do not give out your personal information to unknown sources”.