Warning for millions of iPhone and Android users over restaurant scam that puts your data at risk
www.thesun.co.uk
MILLIONS of iPhone and Android users have been warned to ask for a physical menu at restaurants - and avoid using QR codes.
The FBI said scammers are creating fake QR codes and planting them at restaurants, shops and even parking machines - putting your data at risk.
The FBI has urged people to be vigilant and ask for a physical menuCredit: Getty
Instead of taking you to a menu or checkout, it downloads malware onto your device and steals your location and personal information.
The FBI has urged people to be vigilant and look out for misplaced letters or typos in URLs as a warning sign.
And they urged consumers to ask for physical menus at restaurants and cafes in order to stay safe and protect their data.
QR codes were first invented in 1994 - but they soared in popularity during the pandemic.
The FBI has now warned criminals are taking advantage of the tech.
The agency said: "Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the Covid-19 pandemic.
"However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use."
It added: "While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code."
Carrie Kerskie, president of Kerskie Group in Florida, said scams at pay and display machines in particular are on the rise.
She told ABC 7: "The criminals know that every single person in that parking lot is gonna be clicking on that QR code or taking a picture of it and they might make a website that looks very similar to the legitimate parking website... but it's not."
Carrie warned it's difficult to spot a scam as you can't see where the QR code will be taking you.
"That’s the dangerous side of QR codes," she said.
And it's very easy for scammers to come up with a QR code to fool people.
"All you’d have to do is go to the site, we can enter a URL. You can do a web address, you can do multiple web addresses, you can do text, you can have it take you to an app," Carrie said.
"So these are very dangerous."
Since October 2022, HP Wolf Security has seen QR code “scan scam” campaigns emerge almost daily.
These schemes trick people browsing the web into scanning QR codes from their PCs using their mobile devices.
Attacks typically rely on users clicking on ads they see online, which lead to malicious sites that look almost identical to the real ones.
The QR codes then direct victims to malicious websites asking for credit and debit card details.
One example of this happening involves a cyber criminal impersonating a parcel delivery company seeking payment.
Experts at HP suspect this is to take advantage of weaker phishing protection and detection on such devices.
“When one door closes another opens,” explains Alex Holland, a senior malware analyst in HP's threat research team.
“Users should look out for emails and websites that ask to scan QR codes and give up sensitive data, and PDF files linking to password-protected archives.”
www.thesun.co.uk
The FBI said scammers are creating fake QR codes and planting them at restaurants, shops and even parking machines - putting your data at risk.
The FBI has urged people to be vigilant and ask for a physical menuCredit: Getty
Instead of taking you to a menu or checkout, it downloads malware onto your device and steals your location and personal information.
The FBI has urged people to be vigilant and look out for misplaced letters or typos in URLs as a warning sign.
And they urged consumers to ask for physical menus at restaurants and cafes in order to stay safe and protect their data.
QR codes were first invented in 1994 - but they soared in popularity during the pandemic.
The FBI has now warned criminals are taking advantage of the tech.
The agency said: "Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the Covid-19 pandemic.
"However, cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use."
It added: "While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code."
Carrie Kerskie, president of Kerskie Group in Florida, said scams at pay and display machines in particular are on the rise.
She told ABC 7: "The criminals know that every single person in that parking lot is gonna be clicking on that QR code or taking a picture of it and they might make a website that looks very similar to the legitimate parking website... but it's not."
Carrie warned it's difficult to spot a scam as you can't see where the QR code will be taking you.
"That’s the dangerous side of QR codes," she said.
And it's very easy for scammers to come up with a QR code to fool people.
"All you’d have to do is go to the site, we can enter a URL. You can do a web address, you can do multiple web addresses, you can do text, you can have it take you to an app," Carrie said.
"So these are very dangerous."
Since October 2022, HP Wolf Security has seen QR code “scan scam” campaigns emerge almost daily.
These schemes trick people browsing the web into scanning QR codes from their PCs using their mobile devices.
Attacks typically rely on users clicking on ads they see online, which lead to malicious sites that look almost identical to the real ones.
The QR codes then direct victims to malicious websites asking for credit and debit card details.
One example of this happening involves a cyber criminal impersonating a parcel delivery company seeking payment.
Experts at HP suspect this is to take advantage of weaker phishing protection and detection on such devices.
“When one door closes another opens,” explains Alex Holland, a senior malware analyst in HP's threat research team.
“Users should look out for emails and websites that ask to scan QR codes and give up sensitive data, and PDF files linking to password-protected archives.”
