It looks like you're new here. If you want to get involved, click one of these buttons!
Scammers have used QR codes to steal personal information by imitating legitimate companies or sending deceptive emails and text messages, the Federal Trade Commission said.
QR codes, the square bar codes that can be scanned and read by smartphones, are seemingly used everywhere: to board flights, enter concerts and look at restaurant menus.
But scammers trying to steal personal information have also been using QR codes to direct people to harmful websites that can harvest their data, wrote Alvaro Puig, a consumer education specialist at the Federal Trade Commission, in a blog post Wednesday on the agency’s consumer advice page.
Would-be scammers hide dangerous links in the black-and-white jumble of some QR codes, the F.T.C. warned.
The people behind those schemes direct users to the harmful QR codes in deceptive ways, using tactics that include placing their own QR codes on top of legitimate codes on parking meters or sending the patterns to be scanned by text or email in ways that make them appear legitimate, the post said.
Once people have clicked those links, the scammer can steal information that is entered on the website. The QR code can also be used to install malware that steals the person’s personal information, the F.T.C. said.
The deceptive codes sent by text or email often use lies to create a sense of urgency, such as saying that a package couldn’t be delivered and it needs to be rescheduled or posing as a company and saying that there is suspicious information on a person’s account and that the user’s password needs to be changed, the F.T.C. said.
© 2015 Mutual Fund Observer. All rights reserved.
© 2015 Mutual Fund Observer. All rights reserved. Powered by Vanilla
Comments
That's no different than a spam link sent to you out of the blue. It's not specific to QR codes in terms of an attack vector.
"The people behind those schemes direct users to the harmful QR codes in deceptive ways, using tactics that include placing their own QR codes on top of legitimate codes on parking meters or sending the patterns to be scanned by text or email in ways that make them appear legitimate, the post said."
That's very true. A good rule of thumb, only scan a QR code from vendors/places you can probably trust as legit uses. I put this in the category as credit-card skimmers mounted on ATMs or gas pumps. Of course, if I see one that looks modified, I won't use it ... better still, pay by phone (or tapped card) that uses NFC and avoid the middleman.