The FBI has warned that threat actors have been increasingly leveraging fake QR codes in phishing attacks and cryptocurrency scams to steal users' login credentials and financial data, reports ZDNet.
Stolen financial information could then be used by attackers for fund withdrawals, according to the FBI.
"Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim's device, and redirecting payment for cybercriminal use," said the FBI.
Smartphone users have been urged to properly check URLs after QR code scanning, exercise care in inputting credentials and financial data on websites accessed through QR codes, and refrain from using QR codes to download mobile apps, as well as avoid QR code scanner downloads. The FBI also advised users to avoid paying in websites accessed via QR codes.
Identity, Threat Management
FBI: Fraudulent QR codes leveraged in credential, cash exfiltration
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds