Cybercriminals are trying to steal financial information from Americans through the QR codes that restaurants and businesses have increasingly turned to during the coronavirus pandemic, the FBI warned this week.
The scammers are using fraudulent QR codes — bar codes that you scan on your phone to launch a website — to direct people to malicious sites in order to steal their data or hijack payments, the FBI said in a public advisory. The announcement follows the discovery earlier this month of fraudulent QR code stickers on more than two dozen parking stations in Austin, Texas.
“People attempting to pay for parking using those QR codes may have been directed to a fraudulent website and submitted payment to a fraudulent vendor,” the Austin Police Department said when it announced an investigation.
QR codes themselves are not malicious, but the ease with which criminals can create their own, fake codes to dupe consumers is a concern. The FBI wants people to check the websites that QR codes direct them to carefully. The bureau also advises people to use their phones’ app stores, rather than QR codes, to download any mobile apps.
It’s the latest effort by fraudsters to exploit habits and lifestyle changes during the Covid-19 pandemic. In the pandemic’s early days, as the virus was pummeling Italy and Spain in March 2020, hackers tried to defraud residents of those countries using fake mobile apps claiming to offer updates on the virus.