Banner image for Scaling New Heights 2024, the premier accounting technology conference in the United States. The image features the conference theme and dates.
 
Share With Your Clients - QR Codes Are the Latest Cyber Threat

Share With Your Clients - QR Codes Are the Latest Cyberthreat

Cathy Roth
Posted by Cathy Roth on Jan 21, 2022 11:17:04 AM

This week, the FBI issued a public service announcement about cybercriminals tampering with QR codes for purposes of theft. How can you protect yourself and your clients, even if you don't use QR codes in your own business?

The Basics of QR Codes and the Opportunity for Criminals

QR codes are square barcodes that may be scanned and read with a smartphone camera to enable quick access to a website, trigger the download of an app, or direct money to a specific recipient. Businesses have been using QR codes more commonly since the beginning of the pandemic (think of all of the restaurant menus you have scanned). And, now that QR codes are being used more frequently, cybercriminals have seen this as an opportunity to route QR code scans to malicious sites in order to steal victim data, embed malware in order to get access to the victim's device, and redirect payment for cybercriminal purposes.

What Are Cybercriminals Doing with QR Codes?

Cybercriminals are hacking into the code behind the QR code, in both digital and physical QR codes, and replacing valid codes with harmful codes. Then, when a victim scans what appears to be a legitimate code, the altered code leads them to a malicious website. 

These criminals are doing multiple things with their malicious websites.

1. The victim may be directed to a page that asks for log-in and other identifying information that may give the cybercriminal access to financial accounts.  

2. Malicious QR codes may also contain embedded malware, allowing a criminal to obtain access to the victim's mobile device. Once the cybercriminal has this information, they can steal personal and financial information as well as the victim's location, enabling them to steal money from the victim's account.

3. QR codes are sometimes used by businesses and individuals to make payments easier. Customers are given a QR code that directs them to a website where they may conduct a financial transaction. In this case, the cybercriminal can substitute a modified QR code for the intended code and reroute the sender's cash for cybercriminal use.

Tips to Protect Yourself (and Your Clients) From Malicious QR Codes

Please share the following tips with your clients. 

  • When entering login, personal, or financial information on a site accessed using a QR code, be cautious extremely cautious. 
  • Check the URL after scanning a QR code to ensure it is the intended site and appears to be genuine. A malicious domain name may closely resemble the desired URL but will contain errors or a misspelled letter.
  • If you're scanning a physical QR code, make sure it hasn't been tampered with, for as by putting a sticker on top of the original code.
  • Do not use QR codes to download apps. It is much safer to go to your phone's app store.
  • If you receive an email from a firm claiming that a payment failed and the company indicates that you can only complete the payment using a QR code, phone the company to verify. Also, instead of using the phone number supplied in the email, look up the company's phone number on a reputable website.
  • Downloading a QR code scanner app is not a good idea. This raises the likelihood of malware being downloaded onto your device. The camera app on most phones has a built-in scanner.
  • If you receive a QR code that you think belongs to someone you know, contact them using a known phone number or address to confirm that the code belongs to them.

You can view the FBI Public Service Announcement here

Topics: Business Technology

 

Sign up and stay plugged into the education, news pieces and information relevant to you.

Subscribe to The Woodard Report today! 

Do you have questions about this article? Email us and let us know > info@woodard.com

Comments:

Most Recent Articles

The Woodard Report provides educational articles, news pieces and relevant information to advance the understanding and knowledge surrounding the accounting profession and technologies connected to that profession.

More Woodard:

© 2022 Woodard Events, LLC All Rights Reserved. Woodard, Tech Makeover, and Woodard Institute are trademarks of Woodard Events, LLC. Scaling New Heights is a registered trademark owned by Woodard Events, LLC. Woodard Groups is a trademark of National Advisor Network, LLC. Woodard Consulting is a trademark of Woodard Consulting Group, Inc.