Digital Forensics Dispatch

Malicious QR Codes Can Be Used to Steal Your Information, FBI Cautions

February 8, 2022

Sergiu Gatlan, recently published an article on BleepingComputer about malicious QR codes being used as a hacking scheme. The Federal Bureau of Investigation (FBI) warned Americans in January that cybercriminals are using maliciously crafted QR codes to steal credentials and financial information. The Public Service Announcement was published on its Crime Complaint Center (IC3).

According to the FBI, “Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.” Criminals are taking legitimate QR codes from businesses for payment purposes and redirecting potential victims to a malicious website. This lets them steal the victims’ financial and personal information, reroute their payments to an account under their control, and install malware on their devices.

Victims scan a legitimate looking QR code, and instead of being redirected to the site it is supposed to go to, it takes them to the attackers’ phishing site. They then could be prompted to enter their login or financial information. Once the victim submits their information, it gets sent to the cybercriminals who are controlling the site.

The FBI cautions, “While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code.”

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics