FTC warns QR codes can steal money and install malware
QR codes are everywhere, but aren't always safe, FTC warns
When you scan a QR code, how sure are you that you know exactly where it will take you and what it will do?
QR codes have become a convenient part of everyday life, and most of us will see at least one every day.
But scammers are abusing their convenience by routing you through to malicious websites that can steal your data, process fraudulent transactions, and download malware.
Scan here for a surprise
Quick response codes, better known as QR codes, are typically a collection of pixelated black shapes that, when scanned by a mobile camera, route the user through to a website. These have become an increasingly popular method for providing a menu, paying a bill, or for accessing information.
However, their security isn't always guaranteed as there is little to stop a scammer from placing their own QR code on top of the legitimate one, and sending you to a spoof website that may appear identical to the one you may have been trying to access.
From here, the website may ask for payment, ask you to download a file containing malware, or steal sensitive information.
QR codes are also increasingly being used within phishing emails, as spam filters are unable to recognize that a QR code could be routed through to a malicious website, allowing it to slip into your inbox unhindered.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As a result of the vulnerabilities posed by QR codes, the US Federal Trade Commission has issued a warning against the use of QR codes, and has issued guidance on staying secure when navigating through a site provided via a QR code.
This guidance includes:
- Ensuring the URL of the website a QR code routes you through is legitimate and does not contain any irregularities from the URL of the page you are expecting to visit, such as a singular misplaced letter.
- Never enter any sensitive information until you are sure the website is legitimate.
- Check QR codes for any sign of tampering which may indicate the QR code has been replaced or covered by a fake one.
- Most mobiles today have the ability to scan QR codes with the default camera, so always be suspicious if a QR code requires a specific QR code scanner provided by a third party.
- There is almost no functionality for embedding a QR code into an email, so always remain alert if you receive an email in this format.
Via ArsTechnica
More from TechRadar Pro
- Cyber attacks against key US infrastructure continue, but this time its China
- Looking to protect your organisation? Here is our guide to the best endpoint protection software
- A whole new kind of Linux malware has been found in the wild
Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but also likes to draw on his knowledge of geopolitics and international relations to understand the motivations and consequences of state-sponsored cyber attacks. Benedict has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham.
A US supercomputer with 8,000 Intel Xeon CPUs and 300TB of RAM is being auctioned — 160th most powerful computer in the world has some maintenance issues though and will cost thousands per day to run
French startup reveals quasi-immortal sensor that doesn't need energy to work — SilMach's ultra cheap microsensors can be used in a dizzying array of use cases