The US Federal Trade Commission (FTC) warns people to be cautious when receiving strange emails or messages asking users to scan QR codes because of unusual signs in their accounts or problems with their delivery orders. These malicious QR codes will redirect users to fake websites that steal personal information.
Kern Smith, vice president of mobile security firm Zimperium, said attacks targeting phones are increasing exponentially because many companies' anti-phishing systems are not equipped to stop fake QR codes.
QR code-based attacks are nothing new, but bad guys are increasingly using this sophisticated tactic, said Shyava Tripathi, a researcher at cybersecurity firm Trellix. Trellix detected more than 60,000 malicious QR code samples in the third quarter of 2023 alone.
Police in several cities in Texas (USA) have found fraudulent QR codes placed on parking meters, linking to a fake payment website. When users pay, the money is transferred to the scammer's account and there is a risk of login information being stolen.
According to The Independent, a 71-year-old woman in the UK lost £13,000 after her payment card details were exposed after scanning a fake QR code. Although the bank she used blocked a series of fraudulent transactions, the scammer continued to call the victim, impersonating a bank employee and convincing her to provide more information. After successfully stealing the information, the scammer created a new account to borrow money and create a credit card under the victim's identity.
In recent years, QR codes have become increasingly popular because of their convenience.
Steve Jeffery, an engineer at global cybersecurity and automation company Fortra, said that most email security systems do not check the content of QR codes, making it difficult to prevent phishing attacks. Instead of sending direct links, bad guys send links via QR codes.
QR code scams increased 51% in September compared to the previous eight months, according to a report by security and risk management company Reliaquest. The spike is due to the popularity of smartphones and users' lack of vigilance when scanning QR codes.
According to The Verge , the FTC recommends that users regularly update their devices, create strong passwords, and set up multi-factor authentication for important accounts. Users should not download QR code scanning apps because the camera app on Android and iOS has this feature built in. Users should also carefully check the link name before clicking because bad guys can swap letters that are different from the original name.
Source link
Comment (0)