Brother
Professional
- Messages
- 2,590
- Reaction score
- 539
- Points
- 113
The FTC has warned citizens that QR codes have become a new vector of cyber attacks.
The US Federal Trade Commission (FTC) has issued a warning about the growing threat of fraud using QR codes that can be used to seize control of smartphones, conduct fraudulent transactions or obtain users ' personal information.
QR codes, being two-dimensional barcodes, automatically open a web browser or app when scanned by the phone's camera. They are widely used in restaurants, parking lots, shops, and charities to simplify processes such as viewing online menus or making payments. QR codes are also used in security systems – for example, to log in to accounts on YouTube, Apple TV, and other TV applications.
However, scammers have learned to use trust in QR codes for their own purposes. For more than two years, they have been actively using fake QR codes, replacing them with real ones, for example, at parking meters. The codes lead to fake websites that transfer funds to fraudulent accounts.
In addition, emails aimed at stealing passwords or installing malware use QR codes to redirect users to malicious sites. Since the QR code is inserted into the email as an image, antivirus programs cannot detect fraudulent links. This technique has led to an increase in the number of phishing attacks using images in recent months.
The FTC warns consumers to be wary of these types of scams.
"A QR code from a scammer can redirect you to a fake website that looks authentic. If you enter your data on such a site, criminals will be able to steal it. In addition, a QR code can install malware that steals your information, " the FTC warns.
The FTC's warning comes almost 2 years after a similar warning from the FBI. Recommendations from both agencies include the following measures:
In addition, you should be careful with QR codes used to register a site in two-factor authentication systems, such as Google Authenticator or Authy. Do not allow anyone to see such QR codes and re-register the site if they are compromised.
The US Federal Trade Commission (FTC) has issued a warning about the growing threat of fraud using QR codes that can be used to seize control of smartphones, conduct fraudulent transactions or obtain users ' personal information.
QR codes, being two-dimensional barcodes, automatically open a web browser or app when scanned by the phone's camera. They are widely used in restaurants, parking lots, shops, and charities to simplify processes such as viewing online menus or making payments. QR codes are also used in security systems – for example, to log in to accounts on YouTube, Apple TV, and other TV applications.
However, scammers have learned to use trust in QR codes for their own purposes. For more than two years, they have been actively using fake QR codes, replacing them with real ones, for example, at parking meters. The codes lead to fake websites that transfer funds to fraudulent accounts.
In addition, emails aimed at stealing passwords or installing malware use QR codes to redirect users to malicious sites. Since the QR code is inserted into the email as an image, antivirus programs cannot detect fraudulent links. This technique has led to an increase in the number of phishing attacks using images in recent months.
The FTC warns consumers to be wary of these types of scams.
"A QR code from a scammer can redirect you to a fake website that looks authentic. If you enter your data on such a site, criminals will be able to steal it. In addition, a QR code can install malware that steals your information, " the FTC warns.
The FTC's warning comes almost 2 years after a similar warning from the FBI. Recommendations from both agencies include the following measures:
- After scanning the QR code, make sure that it leads to the official URL of the site or service;
- Enter your username and password or payment details only after a thorough site review;
- Before scanning the QR code in the menu, in the parking lot, or at the seller, make sure that it has not been replaced;
- Be especially careful with QR codes embedded in the email text.;
- Do not install third-party QR code scanners on your phone unnecessarily, and check the app developer carefully.
In addition, you should be careful with QR codes used to register a site in two-factor authentication systems, such as Google Authenticator or Authy. Do not allow anyone to see such QR codes and re-register the site if they are compromised.
