The FBI has warned that threat actors have been increasingly leveraging fake QR codes in phishing attacks and cryptocurrency scams to steal users' login credentials and financial data, reports ZDNet
Stolen financial information could then be used by attackers for fund withdrawals, according to the FBI.
"Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim's device, and redirecting payment for cybercriminal use," said the FBI.
Smartphone users have been urged to properly check URLs after QR code scanning, exercise care in inputting credentials and financial data on websites accessed through QR codes, and refrain from using QR codes to download mobile apps, as well as avoid QR code scanner downloads. The FBI also advised users to avoid paying in websites accessed via QR codes.