Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

The growing abuse of QR codes in malware and payment scams prompts FTC warning

⁨157⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨throws_lemy@lemmy.nz⁩ to ⁨technology@lemmy.world⁩

https://arstechnica.com/security/2023/12/ftc-warns-consumers-to-beware-of-qr-codes-used-in-malware-and-payment-scams/

source

Comments

Sort:hotnewtop
  • scorpionix@feddit.de ⁨1⁩ ⁨year⁩ ago

    So the issue isn’t QR codes, but people being unable to recognize scammers additions to public infrastructure and the websites being scams. Basically, it’s the same principle as scammers sticking an additional device on top of cash machines.

    No news here.

    source
    • RGB3x3@lemmy.world ⁨1⁩ ⁨year⁩ ago

      Okay, but explain to me how you’re supposed to tell the difference between a legitimate QR code and a fake one?

      It’s trivially easy to make a mockup of a restaurant’s QR menu so that people scan it when they sit down, expecting to get an online menu.

      source
      • scorpionix@feddit.de ⁨1⁩ ⁨year⁩ ago

        Is the QR Code applied professionally to the surface, possibly behind some security feature such as glass or another surface finish? Is the menu on the table in the general style of the restaurant, or does it look off or entirely different? Is the QR code applied on top of something else, possible another QR code?

        Don’t use apps which directly open QR codes. Any sensible app will tell what the information is before processing it.

        And at last, the simplest and most efficient security measure of all: Commonsense. Don’t scan everything you come across. Restaurant menu? Sure. Some random poster out in the woods promising a quick buck, happy time or their like? Hard pass.

        source
        • -> View More Comments
  • autotldr@lemmings.world [bot] ⁨1⁩ ⁨year⁩ ago

    This is the best summary I could come up with:

    The US Federal Trade Commission has become the latest organization to warn against the growing use of QR codes in scams that attempt to take control of smartphones, make fraudulent charges, or obtain personal information.

    The code opens a page on a browser or app of the phone, where the account password is already stored.

    Two-factor authentication apps provide a similar flow using QR codes when enrolling a new account.

    For more than two years now, parking lot kiosks that allow people to make payments through their phones have been a favorite target.

    The scam QR codes lead to look-alike sites that funnel funds to fraudulent accounts rather than the ones controlled by the parking garage.

    “A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” the advisory stated.

    The original article contains 389 words, the summary contains 135 words. Saved 65%. I’m a bot and I’m open source!

    source
  • Sabata11792@kbin.social ⁨1⁩ ⁨year⁩ ago

    An unreadable box us a lot harder the read than scamMyAss.ru

    source
    • darkan15@lemmy.world ⁨1⁩ ⁨year⁩ ago

      QR is just image to text, most QR reading apps I have used, show you the QR content before going to the website (or let you disable opening the link directly) so you should be able to check the URL or content and see if the link is legit or not.

      But being honest most people don’t know or don’t even bother and that’s the real problem.

      source
      • Nollij@sopuli.xyz ⁨1⁩ ⁨year⁩ ago

        It’s also pretty easy to disguise the malicious part. For instance, hxxp://LegitimateBusiness.com@ScamMyAss.com

        (Hoping that didn’t get blocked as spam)

        On many apps, that would truncate somewhere around the .com

        source
        • -> View More Comments
      • Sabata11792@kbin.social ⁨1⁩ ⁨year⁩ ago

        But let’s be honest most people don’t know or don’t even bother and that’s the real problem.

        100% they see the code and assume it can't be mean.

        source
    • circuscritic@lemmy.ca ⁨1⁩ ⁨year⁩ ago

      I clicked your link and provided my banking details. When do I get my PS5?

      source
      • Sabata11792@kbin.social ⁨1⁩ ⁨year⁩ ago

        Right away, but it shipped to my house.

        source
  • McOkapi@lemmy.ml ⁨5⁩ ⁨months⁩ ago

    I agree, people don’t really pay attention or bother to read about stuff like How to check if a QR code is safe. Honestly, I’ve been dealing with QR codes for quite a while, and I still occasionally spend time looking things up, reading about quishing, and whatever new scam/term appears.

    source