Cybercriminals are tampering with quick response (QR) codes to redirect victims to malicious sites that steal login and financial information, the FBI warned in an alert published last week.
QR codes are square barcodes that smartphone cameras can scan to provide quick access to a website, prompt application downloads or direct payment to an intended recipient.
Businesses have been using QR codes more frequently during the COVID-19 pandemic to provide users with convenient contactless access, but now cybercriminals are taking advantage of this technology and directing QR code scans to malicious sites to steal victim data.
These tampered codes use embedded malware to gain access to the victim’s device, redirecting victims to a malicious site which then prompts them to enter login and financial information.
After gaining access, these malicious actors would be able to steal the victim’s personal and financial information and then leverage the stolen financial information to withdraw funds from victim accounts.
QR Code Attacks get Personal
“These codes are another example of how attackers are moving away from email and relying more on personal channels such as social media platforms and third-party messaging apps to deliver convincing phishing attacks to end users,” explained Hank Schless, senior manager of security solutions at Lookout, an endpoint-to-cloud security company. “Attackers know that we will oftentimes tap a notification or visit a site on our mobile devices without thinking twice.”
He pointed out that since QR codes are presented in the context of some legitimate action, such as visiting a site to make sure you’re registered to vote, people may be more willing to trust that the destination site is secure.
“Because of their simplified interface and smaller screens, it’s much harder to spot phishing sites on smartphones and tablets,” he said. “Many of the red flags we’re used to spotting on PCs, such as a spoofed URL or non-traditional page formatting, are easier to hide on mobile devices.”
Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows, a provider of digital risk protection solutions, added that QR can be particularly…