FBI Warns Smartphone Users—Fake QR Codes Are Stealing Your Money


The FBI and cybersecurity groups are now warning smartphone users about a new scam known as "Quishing," which involves fake or malicious QR codes. People who frequently use QR codes for payments or logins are especially at risk, with some victims losing thousands of dollars. Here's what you need to know and how to stay safe.
Recently, the FBI and other federal agencies raised alarms about the rise of QR code scams, or quishing, that involve unsolicited packages arriving at people’s doorsteps. These packages often include QR codes that, when scanned with a phone camera, redirect users to fake websites or prompt them to install malware. This can compromise your device and lead to stolen personal data.
Quishing Targets Online Retailers
The latest concern focuses on these scams targeting users who regularly make digital transactions. Attackers are generating QR codes that link to suspicious websites designed to steal your data. According to the Brandenburg Consumer Advice Centre (VZB), these scams can also infiltrate your phone and bank accounts, allowing fraudsters to siphon off your money.
In one scenario, scammers pose as legitimate customers interested in buying a product. Instead of sending payment directly, they ask the seller to scan a QR code to initiate the transaction. This code may lead to a fake PayPal login page, tricking the victim into entering their account details. This tactic is a form of website phishing.

Some attacks are becoming even more dangerous, using zero-click techniques that don’t require any user interaction. These are typically aimed at high-profile individuals such as politicians, journalists, lawyers, and activists.
Security expert Alex East from Cyber Security Coach Online warns that attackers may place fake QR codes in public and private locations, such as gas pumps or convenience store payment terminals. These codes can redirect users to malicious sites during routine transactions.
How to Protect Yourself from Quishing
To avoid falling victim to QR code scams, VZB advises users to stay vigilant during digital transactions. When making a payment, it's important to ensure that the seller is the one presenting the QR code, rather than scanning one provided by someone else. Always examine the website you're directed to for signs of suspicious activity, such as misspelled domain names or unusual layouts.
More generally, be cautious when scanning QR codes found in unsolicited packages, email attachments, or public spaces, as they may lead to malicious websites. When possible, it's even better to avoid scanning QR codes altogether unless you're certain of their source.
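The advice above to look for misspelled domain names can be applied to the link a QR code decodes to before it is opened. The following is an added example, not part of the original article; the `EXPECTED` allowlist, the function names and the sample links in the usage note are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the sites you actually expect to pay or log in through.
EXPECTED = {"paypal.com"}

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_qr_url(payload: str, expected=EXPECTED) -> list[str]:
    """Return warnings for the text decoded from a QR code; an empty list means no flags."""
    parts = urlsplit(payload.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ["not a web link"]
    host = parts.hostname.lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    if parts.username is not None:
        warnings.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        return warnings + ["raw IP address instead of a domain"]
    except ValueError:
        pass  # not an IP literal, continue with domain checks
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible look-alike characters)")
    domain = ".".join(host.split(".")[-2:])  # naive; real tools use the Public Suffix List
    if domain in expected:
        return warnings
    for good in sorted(expected):
        brand = good.split(".")[0]
        if brand in host:
            warnings.append(f"'{brand}' appears in the address, but the site is {domain}")
        elif _edit_distance(domain.split(".")[0], brand) <= 2:
            warnings.append(f"'{domain}' looks like a misspelling of '{good}'")
    return warnings
```

With these constructed inputs, `https://www.paypal.com/signin` returns no warnings, while `https://paypa1.example/signin` and `http://paypal.com.secure-login.example/` are both flagged.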
Strengthening your account security with two-factor authentication (2FA) is also highly recommended, especially when money is involved. For even greater protection, consider switching to passkeys, which are a more secure login method now supported by many apps and websites.
Both iPhones and Android devices offer security features that can help detect scams, including alerts for fake websites and scam detection in messages and calls. Be sure to activate these features to maximize protection.
Source: DPA Int'l / Yahoo