Scammers using fake QR codes to steal your information, warns US FTC
07:13PM Mon 11 Dec, 2023
New Delhi, Dec 11 (IANS): As millions of Indians use QR codes for various financial transactions like paying for dinner at a restaurant, board a flight or pay for daily groceries, the US Federal Trade Commission (FTC) has warned the public against scanning any QR code as scammers hide harmful links in QR codes to steal your information.
There are reports of scammers covering up QR codes on parking meters with a QR code of their own. Some crafty scammers might send you a QR code by text message or email and make up a reason for you to scan it.
“They try to con you. They lie and say they couldn't deliver your package and you need to contact them to reschedule; they pretend like there’s a problem with your account and you need to confirm your information,” the FTC said in a consumer alert.
The scammers will also say they noticed suspicious activity on your account, and you need to change your password.
“These are all lies they tell you to create a sense of urgency. They want you to scan the QR code and open the URL without thinking about it,” the FTC warned.
John Fokker, who heads threat intelligence at cybersecurity company Trellix, told The New York Times that they found over “60,000 samples of QR code attacks” in the third quarter this year.
The most popular scams involved payroll and HR personnel impersonators and postal scams.
A scammer’s QR code could take you to a spoofed site that looks real but isn’t.
“If you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realise it,” said the FTC.
According to the FTC, if you see a QR code in an unexpected place, inspect the URL before you open it.
“If it looks like a URL you recognise, make sure it’s not spoofed -- look for misspellings or a switched letter. Don’t scan a QR code in an email or text message you weren’t expecting, especially if it urges you to act immediately,” it suggested.
If you think the message is legitimate, use a phone number or website you know is real to contact the company. Don’t download a QR code scanning app.