These boxy little codes have exploded in popularity in recent years, both as marketing tools and as savvy ways to avoid physical contact in public environments. Restaurants began asking customers to access virtual menus via QR codes at the start of the pandemic, in lieu of sanitizing physical menus or paying to print disposable paper ones. Entrepreneurs are known to carry business cards with QR codes in the corners, linking to their websites or social media; guerilla artists slap QR codes onto public poles to generate interest in their latest exhibition.
But according to the FBI, QR codes found out in the physical world (versus the virtual one) should be approached with caution. The agency swears that cybercriminals have begun tampering with QR codes to redirect those who scan them to malicious websites. Some of these websites are said to install malware onto victims’ phones and redirect otherwise innocent payments to the criminal. Others prompt victims to enter their financial institution credentials, giving the criminal access to the victim’s bank accounts. While virtual QR codes are tougher to tamper with, bad actors can easily stick altered codes over pre-existing ones in physical environments. And without more than just a glance, a hungry diner who’s just been seated at their favorite eatery might not notice the difference.
It’s important to note that the FBI isn’t asking the public to do away with QR codes completely; After all, the codes have proved an excellent way for individuals and businesses to connect without contact and improve operational efficiency. Instead, the FBI is asking people to look twice before scanning physical codes. The agency recommends that before engaging with a QR code’s destination site, individuals inspect the URL for any typos or misplaced letters; Avoiding app downloads and payments via QR code can be a helpful practice, too, since both can usually be conducted through a more trustworthy source, like a mobile app store or official company website. The FBI also suggests that people exercise caution when entering their login credentials or bank information online, though this is just basic internet hygiene.
Those who have personallyed maliciously-altered QR codes are encouraged to report Their experiences at the FBI’s Internet Crime Complaint Center for possible investigation.