The growing cybersecurity concerns today see another contender enter the list, as QR codes are now considered to be compromised, especially for old ones, the US Federal Trade Commission (FTC) warns. Scanning QR codes has been a significant practice for many to get redirected to a certain website, service, or information online, but some threat actors are taking advantage of its links.
FTC Warns Against Bad QR Codes on the Rise
A recent consumer alerts blog post by the FTC is now warning the world regarding the rise of bad QR codes that are currently distributed by threat actors, amidst public places or via communication platforms.
A scammer's QR code could take you to a spoofed site that looks real but isn't. And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.
There are different types of campaigns regarding QR code malware and phishing campaigns now, and these could be available in public places like parking meters, restaurants, and more, but also sent through email or texts.
FTC also warns about those sending out notices about 'suspicious activities' where threat actors recommend scanning a QR code to protect your data, device, and more.
As many as 60,000 Attacks Recorded
As per The New York Times' report, the third quarter of 2023 saw as much as 60,000 samples of QR codes that were used for attacks, with the cybersecurity company, Trellix, detailing their latest study.
With this, the FTC recommends ignoring received emails or texts that center on urgent requests to scan a QR code, relating to cybersecurity attacks or opportunities to earn money. Moreover, users may inspect the URL before opening.
Lastly, it is recommended to protect their device by updating to the latest OS version and ensuring one uses two-factor authentication and strong passwords.
QR Codes and Cyberattacks
As many features and advancements QR code brings, like many aspects of the internet, it has also been subject to being manipulated by bad actors in getting people misled by what it brings. Back during the COVID era, there was an Australian man who launched a campaign of putting fake QR codes that directed people to anti-vaccination sites.
However, apart from duping people regarding their beliefs about the recent pandemic, threat actors also used QR codes to trick victims into downloading malware using their devices. One of the main features of QR codes is users only need to scan them to get redirected to an app or website, and this centered on campaigns regarding student loans where some registered, only to find out that it employs an attack.
Cyberattacks come in different forms and methods, and some use everyday tools that lead people to get their information and personal data stolen. To avoid different kinds of phishing campaigns and data theft through QR codes, it is important to be vigilant in scanning certain ones, including old codes, as the growing attacks from threat actors are now looking to victimize many.