Fake QR codes are reportedly being circulated to trap iPhone users into turning over money or installing malware. QR codes were introduced to make transactions during the pandemic, enabling people to safely order food, pay for parking, redeem offers, and more, to avoid COVID-19 transmission. The easy and contactless transactions increased in popularity massively thereafter. The increased popularity grabbed the attention of online scammers and fake QR codes have started to circulate in the market. These are used in places where QR codes are used legitimately, making it hard to know which ones to trust. Several cases of fake QR codes have caught the attention of the FBI in the US.
As reported by ABC, the FBI has warned users of cybercriminals using altered Quick Response (QR) codes to steal their personal and financial information. The report suggests that unwitting users are directed to malicious sites that prompt them to enter their bank details and login details as well as make them vulnerable to malicious attack.
Dave Ring, section chief of the FBI’s Cyber Division is quoted by ABC as saying, “A cybercriminal can swap out a completely innocuous legitimate QR code for one that directs people to a malicious site, and that malicious site may prompt someone to click a link and could potentially download malware onto their device”.
Police in San Antonio, Texas, have shared that the fake QR codes were found on parking meters throughout the city. The department has tweeted that people attempting to pay for parking are directed to a fraudulent website and submitted payment to a fraudulent vendor.
The Better Business Bureau (BBB), a non-profit organization focuses on business ethics, has reported 95 scam complaints that mention QR codes. A submission from January 10, 2022 reported that an individual has lost almost $4,000 in a scam that employed a QR code leading to a phony brokerage account. The BBB has advised users to ensure that the QR code they are scanning is not the fake ones before making any transactions. The organization also shared that users must keep an eye out for physical tampering i.e, they must not scan a QR code if a sticker has been placed over it.