By Nathalie Voit

In an announcement issued on Jan. 18, the FBI said cybercriminals are tampering with Quick Response (QR) codes to steal victims’ funds.

QR codes have been on the rise ever since the onset of the COVID-19 pandemic due to their ability to provide convenient and contactless access for consumers. Many businesses use them to redirect customers to a payment system or an app download page associated with the company. Restaurants frequently use them to direct customers to menus as an alternative to handing out traditional paper menus.

However, the agency said malicious actors are taking advantage of the widespread use of the technology by replacing legitimate codes with fake ones.

Victims who scan a phony code will be directed to a malicious site where they will be prompted to enter sensitive login and financial information. The FBI said that access to this victim information enables scammers to steal victim data, embed malware to gain access to the victim’s device, and redirect payment for cybercriminal use.

Con artists are tampering with both digital and physical QR codes, the agency warned.

“While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code. Law enforcement cannot guarantee the recovery of lost funds after transfer,” the FBI said.

The agency offered tips to help consumers avoid becoming the target of this latest scam. The FBI said consumers should check a website’s URL after scanning a QR code to ensure the site looks authentic.

“A malicious domain name may be similar to the intended URL but with typos or a misplaced letter,” the agency said.
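The URL check described above can be automated on the defender's side. The following Python sketch is an added example, not code from the FBI or from this article: it compares the host in a URL decoded from a QR code against a list of expected hosts and flags near misses, counting a swapped pair of adjacent letters as a single edit. The host names and the distance threshold of 2 are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed placeholders: the hosts a user or organisation actually expects.
TRUSTED_HOSTS = {"pay.example.com", "menu.example.org"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # "Misplaced letter": two adjacent characters swapped.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify_qr_url(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return (verdict, nearest_trusted_host) for a URL decoded from a QR code."""
    try:
        # .hostname is lower-cased and excludes any user@ prefix and port.
        host = (urlsplit(url.strip()).hostname or "").rstrip(".")
    except ValueError:
        host = ""
    if host in trusted:
        return ("trusted", host)
    if host and trusted:
        nearest = min(sorted(trusted), key=lambda t: osa_distance(host, t))
        if osa_distance(host, nearest) <= max_distance:
            # Close to, but not equal to, an expected host: likely a typo domain.
            return ("lookalike", nearest)
    return ("unknown", None)
```

A verdict of "unknown" only means the host is not close to anything on the list; it does not mean the site is safe.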

The agency suggested people check the QR code to ensure it has not been tampered with (“such as with a sticker placed on top of the original code”) before scanning it.

The FBI counseled people against downloading an app directly from a QR code. The agency recommends people download the software from their device’s app store instead.

The FBI advised people to manually enter a known and trusted URL to complete a payment transaction instead of making payments through a site navigated to from a QR code.

The agency warned against downloading a QR code scanner app, as such apps raise the risk of inadvertently downloading malware onto one’s device. The law enforcement agency said most phones have a built-in scanner through the camera app.
