Security News > 2022 > January > Surge in Malicious QR Codes Sparks FBI Alert
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
The smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert.
QR codes are the square, scannable codes familiar from applications like touchless menus at restaurants, and have gained in popularity over the pandemic as contactless interactions have become the norm.
"A victim scans what they think to be a legitimate code, but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information," the FBI alert explained.
The FBI said it has also observed threat actors using malicious QR codes to download malware giving them access to a victim's device, where they then accessed financial data to steal money.
Last summer the Better Business Bureau issued an alert that scammers were increasingly abusing QR codes in innovative ways; one elaborate scheme started with a malicious QR code and ended with sending victims to gas stations to use Bitcoin ATMs. Purandar Das, co-founder and CEO at Sotero, said a rise in QR abuse was almost inevitable.