FTC warns QR codes can steal money and install malware

QR codes are everywhere, but aren’t always safe, FTC warns

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

When you scan a QR code, how sure are you that you know exactly where it will take you and what it will do?

QR codes have become a convenient part of everyday life, and most of us will see at least one every day.

But scammers are abusing their convenience by routing you through to malicious websites that can steal your data, process fraudulent transactions, and downloadmalware.

Scan here for a surprise

Quick response codes, better known as QR codes, are typically a collection of pixelated black shapes that, when scanned by a mobile camera, route the user through to a website. These have become an increasingly popular method for providing a menu, paying a bill, or for accessing information.

However, their security isn’t always guaranteed as there is little to stop a scammer from placing their own QR code on top of the legitimate one, and sending you to a spoof website that may appear identical to the one you may have been trying to access.

From here, the website may ask for payment, ask you to download a file containing malware, orsteal sensitive information.

QR codes are also increasingly being used within phishing emails, as spam filters are unable to recognize that a QR code could be routed through to a malicious website, allowing it to slip into your inbox unhindered.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

As a result of the vulnerabilities posed by QR codes, the US Federal Trade Commission has issued a warning against the use of QR codes, and has issued guidance on staying secure when navigating through a site provided via a QR code.

This guidance includes:

ViaArsTechnica

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

Quordle today – hints and answers for Saturday, November 9 (game #1020)