FBI Warns Criminals Hack QR Code to Steal Financial Data

Online sales in the United States could top $207 billion.

Online sales in the United States could top $207 billion.

Photo: ISSOUF SANOGO/AFP/Getty Images

The FBI revealed that criminals manipulate QR codes to redirect victims to websites that steal financial and login information from various accounts of all those who make use of these technological options.

The QR code is a figure of square bars that the camera of a smartphone can scan and read, it gives access to a website, to request the download of an application and so on. direct the payment to an intended recipient.

According to the federal agency, cybercriminals are taking advantage of this technology by directing QR code scans to dubious sites to steal data from victims, embedding malware to gain access to the device and redirecting payment for use by criminals.

According to the FBI, digital and physical QR codes are manipulated by cybercriminals to replace legitimate codes with fake codes. A victim scans what they think is legitimate code, but the code directs them to a fake site, which prompts them to enter financial information and login.

Access to this victim information gives the criminal the ability to steal funds through user accounts.

Malicious QR codes can also contain embedded malware, allowing a criminal to gain access to a victim’s mobile device and steal the victim’s location, personal and financial information. The cybercriminal can take advantage of the stolen financial information to withdraw funds from the victims’ accounts.

QR codes are also often used by businesses and individuals to facilitate payments. A business provides customers with a QR code that directs them to a site where they can complete a transaction.

But according to the FBI, a cybercriminal can replace the intended code with a doctored QR code and redirect the sender’s payment for use by criminals without the user knowing.

The federal agency recommends that people who use this type of technology be careful when entering financial information and when providing payments through a site that is navigated through a QR code. The police cannot guarantee the recovery of lost funds after the transfer.

The FBI recommends the following when using a QR code:

one. Once you scan a QR code, check the URL to make sure it’s the intended site and looks authentic. A malicious domain name can be similar to the desired URL, but with typos or a misplaced letter.

two. Be careful when entering login, personal, or financial information from a site you navigated to from a QR code.

3. If you scan a physical QR code, make sure the code hasn’t been tampered with, for example with a sticker placed on top of the original code.

You may also like: Facebook warns that 50,000 users were targeted by “cybermercenaries”