According to TechNewsWorld, more and more bad guys are taking advantage of QR codes to steal login information, infect mobile devices with malware, and invade company systems.
The US Federal Trade Commission (FTC) warns people to be cautious when receiving strange emails or messages asking users to scan QR codes because the account has unusual signs or there is a problem with the delivery order. These malicious QR codes will redirect users to fake websites to steal personal information.
Kern Smith, vice president of mobile security company Zimperium, said attacks targeting phones are increasing exponentially because many companies’ anti-fraud systems are not currently equipped to block QR codes.
Shyava Tripathi, a researcher at cybersecurity company Trellix, said QR code-based attacks are not new, but bad guys are using this sophisticated trick more and more. Trellix company discovered more than 60,000 malicious QR code samples in the third quarter of 2023 alone.
Police in several cities in Texas (USA) found fraudulent QR codes placed on parking meters, linking to a fake payment website. When the user pays, the money is transferred to the scammer’s account and there is a risk of login information being stolen.
According to The Independent, a 71-year-old woman in the UK lost £13,000 because she leaked her payment card information after scanning a fake QR code. Even though the bank she used blocked a series of fake transactions, the bad guy continued to call the victim, impersonating a bank employee and convincing her to provide more information. After successfully stealing information, the fraudster creates a new account to borrow money and create a credit card under the victim’s identity.
Steve Jeffery – Skilled An engineer at global cybersecurity and automation company Fortra said most email security systems do not check the content of QR codes, making it difficult to prevent the intrusion of phishing messages. Instead of sending links directly, bad guys will send links via QR codes.
According to a report by security and risk management company Reliaquest, QR-related scams increased by 51% in September compared to the cumulative number in the previous eight months. This sudden increase is due to the popularity of smartphones and users’ lack of vigilance when scanning QR codes.
According to The Verge, the FTC recommends that users regularly update their devices create strong passwords, and install multi-factor authentication for important accounts. Users should not download QR code scanning applications because the camera application on Android and iOS has this function built-in. Users also need to carefully check the link name before clicking because bad guys can swap different letters with the original name.