The Federal Bureau of Investigation (FBI) has reported a rise in cybercriminals tampering with both physical and digital Quick Response (QR) codes. To best protect your personal and financial information, it’s important to know how QR codes work and steps to avoid becoming a victim.
What is a QR code?
A QR code is a square barcode that users scan with their smartphone camera to open a website, payment portal or application download. They are often used for contactless transactions or direct access to a web link without typing in the web address. You might find them on online ads, mailings, payment portals, restaurant menus and more.
How does the scam work?
Cybercriminals use malicious QR codes in an attempt to trick victims into scanning and clicking what the user believes to be a legitimate code. The fraudulent QR codes often mimic those used by businesses to facilitate payments. Once scanned, the counterfeit code will direct the person to a website that prompts them to enter their confidential usernames and passwords, instantly giving hackers access to their payment accounts. Fraudulent QR codes may also contain embedded malware that allows hackers to access a victim’s smartphone to steal personal information.
In one recent scenario, the Massachusetts State Police warned that criminals were putting stickers with malicious QR codes on parking meters around Massachusetts. These stickers instructed individuals to scan the code to pay for parking, after which they would be redirected to a fake site designed to steal their payment information.
Steps to avoid becoming a victim include, but are not limited to:
- Preview the code’s URL as you scan it to make sure it’s a site you recognize. A malicious URL may be similar to the intended URL but will include typos, misplaced letters or a redirect to another site.
- Don’t download an app from a QR code. Use your phone’s app store to find the app for a safer download.
- Avoid scanning a QR code received in an unverified email or piece of mail.
- Avoid making payments through a QR code. Instead, manually enter the trusted URL to complete payment.
- Ensure the physical QR code has not been tampered with, such as a sticker placed on the top of the original code.
Visit the FBI Public Service Announcement on QR Codes at www.ic3.gov/Media/Y2022/PSA220118 to learn more.
If you are an MVSB customer and you are concerned your personal or financial information was compromised due to a fraudulent QR code, please call us directly at 800.922.6872 so that we can assist you with protecting your accounts and identity.