Growing abuse of QR codes in malware and payment scams prompts FTC warning

A woman scans a QR code in a cafe to view the menu online.

The US Federal Trade Commission has become the latest organization to warn against the growing use of QR codes in scams that attempt to take control of smartphones, make fraudulent charges, or obtain personal information.

Short for quick response codes, QR codes are two-dimensional bar codes that automatically open a web browser or app when they are scanned using a phone camera. Restaurants, parking garages, merchants, and charities display them to make it easy for people to open online menus or to make online payments. QR codes are also used in security-sensitive contexts. YouTube, Apple TV, and dozens of other TV apps, for example, allow someone to sign in to their account by scanning a QR code displayed on the screen. The code opens a page on a browser or app of the phone, where the account password is already stored. Once open, the page authenticates the same account to be opened on the TV app. Two-factor authentication apps provide a similar flow using QR codes when enrolling a new account.

The ubiquity of QR codes and the trust placed in them hasn't been lost on scammers, however. For more than two years now, parking lot kiosks that allow people to make payments through their phones have been a favorite target. Scammers paste QR codes over the legitimate ones. The scam QR codes lead to look-alike sites that funnel funds to fraudulent accounts rather than the ones controlled by the parking garage.

In other cases, emails that attempt to steal passwords or install malware on user devices use QR codes to lure targets to malicious sites. Because the QR code is embedded in the email as an image, anti-phishing security software isn't able to detect that the link it leads to is malicious. By comparison, when the same malicious destination is presented as a text link in the email, it stands a much higher likelihood of being flagged by the security software. The ability to bypass such protections has led to a torrent of image-based phishing in recent months.

Last week, the FTC warned consumers to be on the lookout for these types of scams.

"A scammer's QR code could take you to a spoofed site that looks real but isn't," the advisory stated. "And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it."

The warning came almost two years after the FBI issued a similar advisory. Advice issued by both agencies includes:

After scanning a QR code, ensure that it leads to the official URL of the site or service that provided the code. As is the case with traditional phishing scams, malicious domain names can be almost identical to the intended one, except for a single misplaced letter.

Enter login credentials, payment card information, or other sensitive data only after ensuring that the site opened by the QR code passes a close inspection using the criteria above.

Before scanning a QR code presented on a menu, parking garage, vendor, or charity, ensure that it hasn't been tampered with. Carefully look for stickers placed on top of the original code.

Be highly suspicious of any QR codes embedded in the body of an email. There are rarely legitimate reasons for benign emails from legitimate sites or services to use a QR code instead of a link.

Don't install stand-alone QR code scanners on a phone without good reason, and then only after first carefully scrutinizing the developer. Phones already have a built-in scanner available through the camera app that will be more trustworthy.
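The URL check in the first item of that advice can be automated once a QR payload has been decoded. This is an added example, not code from the FTC or FBI advisories; the host names and the `classify_qr_url` helper are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the host the parking operator actually publishes (assumed name).
TRUSTED_HOSTS = {"pay.cityparking.example"}

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, swap of adjacent letters."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify_qr_url(payload: str, trusted=TRUSTED_HOSTS, max_edits: int = 1) -> str:
    """Return 'trusted', 'lookalike', 'untrusted' or 'not-https' for a decoded QR payload."""
    try:
        parts = urlsplit(payload.strip())
        # .hostname drops any "user@" prefix, so "trusted.name@other.host" resolves to other.host.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "not-https"
    if parts.scheme != "https" or not host:
        return "not-https"
    if host in trusted:
        return "trusted"
    for good in trusted:
        # A single misplaced letter, or the real name used as a prefix of another domain.
        if edit_distance(host, good) <= max_edits or host.startswith(good + "."):
            return "lookalike"
    return "untrusted"

if __name__ == "__main__":
    for sample in ("https://pay.cityparking.example/lot/12",      # constructed samples
                   "https://pay.cityparkinq.example/lot/12",
                   "https://pay.cityparking.example.billing.test/lot/12"):
        print(classify_qr_url(sample), sample)
```
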

An additional word of caution when it comes to QR codes. Codes used to enroll a site in two-factor authentication from Google Authenticator, Authy, or another authenticator app provide the secret seed token that controls the ever-changing one-time password displayed by these apps. Don't allow anyone to view such QR codes...
