Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Don’t Click on That QR Code Until You’ve Read the FBI’s Warning!

February 10, 2022

BleepingComputer reported on January 23 that the Federal Bureau of
Investigation (FBI) has warned Americans that cybercriminals are using
maliciously crafted Quick Response (QR) codes to steal their credentials and
financial info.

The warning was issued as a public service announcement (PSA) published on
the Bureau’s Internet Crime Complaint Center (IC3).

“Cybercriminals are tampering with QR codes to redirect victims to
malicious sites that steal login and financial information,” the federal
law enforcement agency said.

The FBI said crooks are switching legitimate QR codes used by businesses for
payment purposes to redirect potential victims to malicious websites designed
to steal their personal and financial information, install malware on their
devices, or divert their payments to accounts under the criminals’ control.

After victims scan what appear to be legitimate codes, they are sent to
attackers’ phishing sites, where they are prompted to enter their login and
financial info. Once entered, it gets sent to the cybercriminals, who can use it
to steal money using hijacked banking accounts.

“While QR codes are not malicious in nature, it is important to
practice caution when entering financial information as well as providing
payment through a site navigated to through a QR code,” the FBI added.
“Law enforcement cannot guarantee the recovery of lost funds after

Pay attention to the URL you’re sent to after scanning QR codes, always be
cautious when entering your data after scanning a QR code, and make sure that
physical QR codes haven’t been covered with malicious ones.

Avoid installing apps via QR codes or installing QR code scanners. Use the
one that comes with your phone’s OS.

Always enter URLs by hand when making payments instead of scanning a QR code
that could be redirecting you to malicious sites.

The FBI issued another PSA focused on QR code risks in November, warning
people that victims of various fraud schemes are increasingly asked by
criminals to use QR codes and cryptocurrency ATMs to thwart efforts to recover
their financial losses.

We’ve been preaching for years that QR codes are dangerous – and it looks
like the danger has grown exponentially!

Sharon D. Nelson, Esq., President, Sensei
Enterprises, Inc.
