This week, Americans have been warned to watch out for maliciously crafted QR codes aimed at stealing credentials and financial information. The FBI posted this warning on their Internet Crime Complaint Center (IC3) last week. In the statement, the law enforcement agency said: “Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.”
Hackers are switching legitimate QR codes posted or advertised by businesses with their own, which redirect victims to carefully crafted spoof websites. Victims are prompted to enter their personal and financial information, giving hackers access to their accounts and to download malware on their devices or divert payments to the attackers’ accounts.