[BreachExchange] Scammers using QR codes to access personal information

Tue Dec 7 10:02:14 EST 2021

https://www.msn.com/en-us/travel/news/scammers-using-qr-codes-to-access-personal-information/ar-AARxbEg

SIOUX FALLS, S.D. (Dakota News Now) - Scammers are now using QR codes as a
way to steal personal information from consumers. Oftentimes, showing up in
emails, on social media, or in a text message.

The seemingly harmless technology is leading many Americans into trouble,
with scammers now making these convenient codes their newest tool.

“We’re seeing malicious things behind some of these QR codes, where they
can download some malware to your phone or your mobile devices,” Better
Business Bureau South Dakota State Director Jessie Schmidt said.

Schmidt says the BBB is seeing a rise in these types of reports.

“Anything new, anything uncertain, scammers like that uncertainty, that’s
where their sweet spot is and that’s where they really like to fall,”
Schmidt said.

QR codes can show up in a variety of places. When scanned, your information
is at risk.

“It’s very easy to impersonate a legitimate business, for instance, a bank;
it’s easy to copy their logos, it’s easy to copy their website information
and say, for direct access follow this QR code, then they’re in, you’ve
opened the door and let scammers walk right through,” Schmidt said.

The QR code works like any other malicious link.

“If they download, perhaps, some key stroking software to your phone or to
your desktop, everything you enter then shows up on their screen,” Schmidt
said.

Schmidt says you don’t need to be wary of all QR codes, just be vigilant.

“Young people and old people alike are not innately familiar with them, but
the sooner we familiarize ourselves with them, the benefits and pitfalls of
them, the better off we’ll be,” Schmidt said.

The best way to avoid becoming a victim, look before you scan.

“It’s really important that if you’re scanning a QR code that you know the
location and the business that it’s from,” Schmidt said.

It’s important to note, many reputable businesses have turned to QR codes,
and they have become a very useful tool.

However, like any other scam, if something seems wrong or too good to be
true, it probably is.

Below is the full list of tips the BBB gives to avoid QR scams:

How to Avoid QR Scams

If someone you know sends you a QR code, also confirm before scanning it.
Whether you receive a text message from a friend or a message on social
media from your workmate, contact that person directly before you scan the
QR code to make sure they haven’t been hacked.
Don’t open links from strangers. If you receive an unsolicited message from
a stranger, don’t scan the QR code, even if they promise you exciting gifts
or investment opportunities.
Verify the source. If a QR code appears to come from a reputable source,
it’s wise to double-check. If the correspondence appears to come from a
government agency, call or visit their official website to confirm.
Be wary of short links. If a URL-shortened link appears when you scan a QR
code, understand that you can’t know where the code is directing you. It
could be hiding a malicious URL.
Watch out for advertising materials that have been tampered with. Some
scammers attempt to mislead consumers by altering legitimate business ads
by placing stickers or QR codes. Keep an eye out for signs of tampering.
Install a QR scanner with added security. Some antivirus companies have QR
scanner apps that check the safety of a scanned link before you open it.
They can identify phishing scams, forced app downloads, and other dangerous
links.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211207/e2229e17/attachment.html>