2 min read

The FBI Thinks You Should Double Check That QR Code

Radu CRAHMALIUC

January 25, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
The FBI Thinks You Should Double Check That QR Code

Quick Response codes, or QR codes as they're better know, seem to have popped up just about everywhere these days. Whether you’re in a hurry to pay for your coffee, hoping to check out the menu at your favorite restaurant or just wanting to open a long URL on your phone, the little square barcodes have got you covered. But how can you tell if the QR code you just scanned is a scam?

Cybercriminals love QR codes

Most times you can’t, and that’s a bit worrisome. Apart from privacy issues, the FBI warns that cybercriminals have been tampering with QR codes to redirect people to malicious sites that steal login and financial information, download malware and redirect payments for cybercriminal use. How can they do that?

Pretty simple: because the human eye can’t distinguish one QR code from another, all they have to do is generate a dummy QR code and stick it over real one. When it comes to digitally generated QR codes, things get a little bit more complicated - hackers need to access the device that generates the QR code or to impersonate a trusted entity, but no effort is too big when you’re a criminal trying to scam your victims out of money, or bitcoin.

That parking spot will cost you extra

Case in point: Police officers in the Texan cities of Austin and San Antonio discovered bogus QR codes stuck onto public parking meters. The parking meters in both cities don't normally display QR codes, and only accept payment via coins, cards or a smartphone. However not everyone knows that and, if the webpage you’re directed to pretends to accept payment for the parking session, you’ll likely pay.

How to stay safe when using QR codes

QR codes on their own are not malicious in nature, and there’s no reason to stop using them altogether. However, you should take certain precautions to protect yourself.

  • Don’t scan random QR codes you find on the street, as there’s a big chance they will redirect you to a malicious website
  • Avoid installing a QR scanner app on your phone as this exposes you to malware; most phones have built-in QR scanners and all you have to do is open your Camera app
  • When dealing with physical QR codes, always check if they have been tampered with stickers
  • Once you scan a QR code, double check that the URL looks legit and the domain isn’t just similar to the intended site
  • Avoid downloading apps from QR codes, and avoid entering financial data through a site navigated to from a QR code. Instead access it manually
  • Double check e-mails and messages asking you to pay or log in using a QR code
  • Consider a mobile security solution. Bitdefender Mobile Security for both Android and iOS protects your devices from a wide range of attacks

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Researchers Find Thousands of Websites that Record Everything You Type Researchers Find Thousands of Websites that Record Everything You Type
Radu CRAHMALIUC

May 16, 2022

2 min read
Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online
Silviu STAHIE

May 13, 2022

2 min read
Mozilla Says Many Health and Prayer Apps Are Pose Security Risks Mozilla Says Many Health and Prayer Apps Are Pose Security Risks
Silviu STAHIE

May 09, 2022

2 min read