The FBI is warning that cybercriminals have tampered with QR codes to steal consumers’ login, financial information and money.
Crooks are altering both digital and physical QR codes and replacing them with malicious code, the Jan. 19 warning said.
The modifications can allow access to your mobile device that reveals your location and gives access to your personal and financial data.
Use caution if you are trying to make a payment using a code, since bad actors will try to redirect your funds, the FBI said.
The FBI also advised:
- Do not download an app from a QR code; instead use your phone’s app store.
- Do not download a QR code scanner app. Most phones have a built-in scanner in their cameras.
- If you recently bought something and you receive an email saying the payment failed and are asked to complete the payment through a QR code, call the company to verify this. Locate the company’s phone number from a trusted site, not the phone number given in the email.
- If you believe your funds have been stolen from an altered QR code, contact your local FBI field office.
Growth in popularity
QR codes — technically, quick response codes — are black-and-white squares and seemingly everywhere.
They’ve grown increasingly common during the pandemic, cybersecurity professionals say, as coronavirus fears have triggered a demand for touchless transactions. You can show a QR code on your smartphone screen to board an airplane or enter a sporting event, or use your phone's camera to scan a code to learn what’s on a restaurant menu or when the next bus is due.
The codes also appear in direct-mail ads and at retail outlets. Stroll a pharmacy's aisles and you'll see QR codes on packaging for a range of consumer products, from baby food to over-the-counter pain relievers. Scan the code to visit a company's website, get more information about a product, or perhaps even score a coupon or discount.
Danger can lurk behind QR codes
While many of the machine-readable optical labels are trustworthy, some can be downright dangerous. And if you fall victim to a crook lurking behind a fraudulent QR code, you may, in fact, need that extra-strength pain relief.