Data Recovery Digest

We’re all familiar with QR (quick response) codes by now. Originally invented in 1994 and introduced shortly thereafter for the purpose of tracking vehicles throughout the various manufacturing phases, it was eventually adopted into the world of IT. Primarily meant for mobile users, these codes are easily scanned by modern smartphones, tablets, and some webcams. Doing so will automatically direct the user to a webpage or trigger a text message.

As useful as they are, QR codes also open up brand new avenues of fraud, deception, and other types of cybercrime. Per a recent survey, more than 70% of those polled said that they cannot tell the difference between a legitimate QR code and a malicious one. When you consider that approximately 76 million Americans scanned a QR code in 2021 alone, it’s easy to see how this could be a catastrophe that’s just waiting to happen.

Emerging Threats

Cyberattacks like phishing and social engineering are all too common in the Information Age. Unfortunately, QR codes just provide another method for hackers to use. In cases like this, the QR code itself is often distributed through email, where they typically include a link to some sort of malicious software, or malware.

But QR codes are also used in payment fraud. In some advanced cases of cybercrime, hackers use malicious QR codes to trigger money transfers, leak personal information, or when trying to steal the victim’s login credentials. When targeting wider audiences, hackers are known to post malicious QR codes in public chat groups, forums, and message boards.

Modern QR codes are also used in scenarios involving real-world theft. In this case, they’re often paired with common social engineering techniques that exploit the victim’s trust, empathy, or ignorance. Not only does this increase the chance that the intended victim will use the malicious QR code, but it also increases the odds that they’ll follow other instructions from the hacker – like giving into ransomware demands – too.


An FBI Alert

The threat for malicious and fraudulent QR codes is so high that the FBI recently issued an alert to consumers in the United States. Issued in January 2022, the FBI has specifically stated: “Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.”

In addition, the FBI has also posted some tips to help avoid malicious and fraudulent QR codes, including:

• Verifying authenticity of the QR code and the linked URL

• Using caution when entering sensitive information online

• Ensuring that physical QR codes haven’t been tampered with or modified in any way

• Avoiding payment portals that are linked via QR codes

Moreover, you should also avoid downloading any third-party QR scanner apps for your smartphone. Since most modern smartphones include QR scanning functionality, this third-party software only introduces more potential entry points for hackers and their malicious software.

With QR code usage increasing around the globe, both in terms of overall codes and the amount of codes that are being scanned, tips like this will help keep your information safe and secure.