The legal tech experts at Sensei Enterprises recently shared a new warning from the FBI about malicious QR codes stealing credentials and financial info.
A recent post on the Ride the Lightning blog by Sharon Nelson, president of Sensei Enterprises, summarizes information in the FBI’s warning about the threat hiding in QR codes:
“Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information,” the federal law enforcement agency said.
The FBI said crooks are switching legitimate QR codes used by businesses for payment purposes to redirect potential victims to malicious websites designed to steal their personal and financial information, install malware on their devices, or divert their payments to accounts under their control.
After victims scan what appears to be legitimate codes, they are sent to attackers’ phishing sites, where they are prompted to enter their login and
financial info. Once entered, it gets sent to the cybercriminals who can use it to steal money using hijacked banking accounts.
The post continues with key precautions beyond vetting the source of the physical code:
Pay attention to the URL you’re sent to after scanning QR codes, always be cautious when entering your data after scanning a QR code, and make sure that physical QR codes haven’t been covered with malicious ones.
Avoid installing apps via QR codes or installing QR code scanners. Use the one that comes with your phone’s OS.
Always enter URLs by hand when making payments instead of scanning a QR code that could be redirecting you to malicious sites.
Find more in the full post on Sensei’s Ride the Lightning blog.