Why you should ALWAYS ask for a physical menu: FBI warns hackers are planting fake QR CODES in restaurants that steal your data when you click the link
QR codes have become the new default for accessing restaurant menus across the US post-Covid — but scammers are seizing upon the new practice.
The FBI warns thieves are creating fake QR codes and planting them at eateries, retail shops and even parking meters.
Instead of taking you to an online menu or checkout, the links instantly download malware onto your device, stealing your location and personal information
The FBI has urged consumers to lookout for typos or misplaced letters in URLs accessed through QR codes and ask restaurants for a physical menu.
The FBI and experts are warning the public to beware of fake QR codes placed on top of real ones at restaurants, retail shops and parking meters
QR, which stands for ‘quick response’, codes are machine-readable codes made up of black and white squares that store URLs, payment options and other online services accessed by a smartphone camera.
They have been around since 1994 but made a huge comeback during the COVID pandemic to cater to the contactless society.
The FBI first sounded the alarm on QR scams in January 2022, but more reports are flowing in of people being duped by fake barcodes.
Carrie Kerskie, president of Kerskie Group in Naples, Florida, told Local ABC 7 that another major QR scam is with parking meters.
The malicious QR codes can contain malware, allowing criminals to access devices that scan them and steal the user’s location and personal information
Fraudulent QR codes are being placed on the back of meters, leading people to assume that is how they pay to park
Fraudulent QR codes are being placed on the back of meters, leading people to assume that is how they pay to park.
‘The criminals know that every single person in that parking lot is gonna be clicking on that QR code or taking a picture of it and they might make a website that looks very similar to the legitimate parking website..but it’s not,’ Kerskie said.
A report from Marcum, a New York-based accounting and advisory service, shows that QR code scams are among the top five cybersecurity threats observed in April.
The group highlights scammers are using fake codes to carry out phishing scams in emails and social media messages.
‘Scammers might also approach you through an online marketplace claiming they are trying to purchase goods that you are selling and ask you to scan a QR code,’ according to Marcum.
‘Avoid making payments from a website accessed via a QR code. To make the payment, manually input a recognized and trustworthy website.’
Another area seeing fake QR codes is in the cryptocurrency industry.
‘Crypto transactions are often made through QR codes associated with crypto accounts… making these transactions easy marks,’ according to a press release from the FBI.
‘If you happen to scan a scammer’s bad code, you could end up giving him access to your device.
‘He can access your contacts, download malware, or send you to a fake payment portal.
‘Once there, you can inadvertently give him access to your banking and credit card accounts. If you make a payment through a bad QR code, it’s difficult if not impossible to get those funds back.’