The growing abuse of QR codes in malware and payment scams prompts FTC warning

Lee Duna@lemmy.nz · 1 year ago

The growing abuse of QR codes in malware and payment scams prompts FTC warning

scorpionix@feddit.de · 1 year ago

So the issue isn’t QR codes, but people being unable to recognize scammers additions to public infrastructure and the websites being scams. Basically, it’s the same principle as scammers sticking an additional device on top of cash machines.

No news here.

AutoTL;DR@lemmings.world · 1 year ago

This is the best summary I could come up with:

The US Federal Trade Commission has become the latest organization to warn against the growing use of QR codes in scams that attempt to take control of smartphones, make fraudulent charges, or obtain personal information.

The code opens a page on a browser or app of the phone, where the account password is already stored.

Two-factor authentication apps provide a similar flow using QR codes when enrolling a new account.

For more than two years now, parking lot kiosks that allow people to make payments through their phones have been a favorite target.

The scam QR codes lead to look-alike sites that funnel funds to fraudulent accounts rather than the ones controlled by the parking garage.

“A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” the advisory stated.

The original article contains 389 words, the summary contains 135 words. Saved 65%. I’m a bot and I’m open source!

Sabata11792@kbin.social · 1 year ago

An unreadable box us a lot harder the read than scamMyAss.ru

darkan15@lemmy.world · edit-2 1 year ago

QR is just image to text, most QR reading apps I have used, show you the QR content before going to the website (or let you disable opening the link directly) so you should be able to check the URL or content and see if the link is legit or not.

But let’s be honest most people don’t know or don’t even bother and that’s the real problem.

Nollij@sopuli.xyz · 1 year ago

It’s also pretty easy to disguise the malicious part. For instance, hxxp://[email protected]

(Hoping that didn’t get blocked as spam)

On many apps, that would truncate somewhere around the .com

phx@lemmy.ca · 1 year ago

Or just legitbusiness-online-order[.]com

Ashley Graves@lm.possum.city · 1 year ago

Thankfully a lot of browsers already detect and block this behavior

Sabata11792@kbin.social · 1 year ago

But let’s be honest most people don’t know or don’t even bother and that’s the real problem.

100% they see the code and assume it can’t be mean.

circuscritic@lemmy.ca · 1 year ago

I clicked your link and provided my banking details. When do I get my PS5?

Sabata11792@kbin.social · 1 year ago

Right away, but it shipped to my house.

McOkapi@lemmy.ml · 5 months ago

I agree, people don’t really pay attention or bother to read about stuff like How to check if a QR code is safe. Honestly, I’ve been dealing with QR codes for quite a while, and I still occasionally spend time looking things up, reading about quishing, and whatever new scam/term appears.