Cybercriminals have found yet another avenue into your personal data – and potentially into that of your business.
That gives consumers and business owners and operators one more thing to be concerned about in this digital age.
The FBI says cybercriminals have recently started trying to steal people’s financial and other information – including a victim’s location – through QR codes.
QR codes – those funny looking boxes you see on signs, television screens, in newspapers and a bevy of other locations (including a Super Bowl ad) – have become increasingly popular during the pandemic thanks to their ability to offer touch-free access to things like special offers and menus at restaurants and bars. It’s also the latest way cybercriminals are targeting your information.
QR codes are essentially bar codes people can scan right on their cell phone to launch a web site.
QR codes themselves are not malicious but the ease with which criminals can create fake codes, and even put them in place of legitimate ones, is a growing concern, according to the FBI.
Cybercriminals have taken advantage of QR code technology by directing QR code scans to harmful sites to steal data and embed malware to gain access to the victim’s device and redirecting payment for cybercriminal use, according to the FBI warning.
A victim scans what they believe to be a legitimate QR code, but the tampered code directs victims to a malicious site, prompting them to enter login and financial information. Access to this information thus gives cybercriminals the ability to potentially steal funds through victims’ accounts. Once in your device or computer, a scammer can easily access a lot of other information, including emails, text messages, and if your connected to a business account, a whole host of corporate data.
Additionally, destructive QR codes may contain embedded malware, which would allow a hacker to gain access to the victim’s location through their mobile device, along with personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.
Since businesses and individuals sometimes use QR codes to facilitate payments by providing customers with a QR code directing them to a site where they can make a payment, these codes also can be put at risk by hackers. A cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use, according to the FBI.
Cybersecurity experts say people should examine the web sites that QR codes direct them closely. Only after you verify the source, should you input your personal information or click a link on the web site.
While it’s difficult to tell a fraudulent QR code from a legitimate one, there are some tell-tale signs. If a QR code looks like it has been temporarily stuck to a surface or placed over something else, that’s a good sign it’s a scam, cybersecurity experts said. QR codes that direct users to download an app are also a red flag.
Anthony Schoettle is the director of communications for the Indiana Chamber. He started with the Chamber in 2021 after a long career in journalism. He’s won multiple awards for his storytelling ability on a wide range of business topics.
