Security News
In this interview with Help Net Security, Neil Clauson, Regional CISO at Mimecast, talks about the threats of QR code phishing, explains the vulnerabilities of such technology and how to make sure not to fall prey to such attacks. In the case of QR codes being used as a form of payment, the FBI warned that cybercriminals can use tampered QR codes to redirect payments, stealing victim funds for their own personal use.
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware. The smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert.
"Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information," the federal law enforcement agency said. The FBI said crooks are switching legitimate QR codes used by businesses for payment purposes to redirect potential victims to malicious websites designed to steal their personal and financial information, install malware on their devices, or divert their payments to accounts under their control.
The City of Austin is warning about QR codes stuck to parking meters that take people to fraudulent payment sites.
A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process. If the embedded button is clicked, the victim arrives at the phishing site after passing through Google's feed proxy service 'FeedBurner.'
The Federal Bureau of Investigation warns that victims of various fraud schemes are increasingly asked by criminals to use cryptocurrency ATMs and Quick Response codes, making it harder to recover their financial losses. "The FBI has seen an increase in scammers directing victims to use physical cryptocurrency ATMs and digital QR codes to complete payment transactions," the federal law enforcement agency said.
Simply navigating a smartphone camera over the image allows the device's QR translator, built into most mobile phones, to "read" the code and open a corresponding website. "The problem with QR codes stems from how easy they are to use," they wrote in a report published Tuesday about the growing number of QR code scams.
Quick-response codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police. Fake QR codes were placed over genuine COVID safe check-ins and once scanned, it is understood it led people to a website with information against vaccinations.
"Early in the pandemic, restaurants were using QR codes as menus or payment options, but as the pandemic continued throughout 2020, consumers used QR codes more frequently for practical things like visiting a doctor's office or picking up a prescription," according to Ivanti's report, issued on Wednesday. "Meanwhile, social activities like dining out or enjoying a drink at a bar saw QR code usage decrease in that six-month period. Even offices and places of work saw an increase in usage going from 11 percent to 14 percent, emphasizing the shift in how QR codes have been used during the pandemic."
57% of respondents to a new Ivanti study claim to have noticed an increase in the usage of QR codes since mid-March 2020. Early in the pandemic, restaurants were using QR codes as menus or payment options, but as the pandemic continued throughout 2020, consumers used QR codes more frequently for practical things like visiting a doctor's office or picking up a prescription - with an increase from 9% in 2020 to 14% in 2021.