The FBI has joined other parts of the government in warning the public about a rise in scams that involve QR codes.
QR codes, which allow for people to scan an image with their phone that brings them to a specific website, have become popular in recent years—such as restaurants using them for customers to access menus.
On Tuesday, the FBI said criminals are “tampering with QR codes to redirect victims to malicious sites that steal login and financial information.”
Specifically, the FBI is warning that criminals are directing QR code scans to websites that steal people’s data, embedding malware in the codes that allow them to gain control of a victim’s device, or using the codes to redirect payment “for cybercriminal use.”
The agency used an example of someone scanning a QR code that they thought was legitimate, but instead had been “tampered” with to direct them to a website that asks them to enter login or financial information.
“Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts,” the FBI said in a public service announcement.
The agency said that people scanning QR codes should take a closer look at the URL that they are taken to, inspecting them for telltale signs of a scam like typos or misplaced letters. It also suggested making sure physical QR codes, like you might see at a restaurant, don’t have a sticker placed over them with another code.
The FBI added that you shouldn’t download apps using a QR code, and instead go into an app store and download them manually.
Last week, the FTC said scammers were impersonating law enforcement, the government, or utility companies and directing people to stores with crypto ATMs. Once the victim reached an ATM, they would direct you to buy cryptocurrency and send a QR code that would send the money to them.