Careful with those QR codes, a scammer may have tampered with them

LOS ANGELES (KNX) — If you’ve been out to a restaurant or eatery since 2019, you have probably encountered a QR code. The square-shaped barcodes are often plastered on establishment doors or tables; scanning one with your phone launches a website that shows the menu.

Harmless, right? Cybersecurity experts disagree. They’re warning consumers to be careful what they scan — because criminals are trying to steal your financial information.


Paul Rosenzweig, a cybersecurity expert and former Homeland Security consultant, said some scammers are bold enough to use fraudulent QR codes to direct people to malicious sites in order to steal their data or hijack payments.

Rosenzweig joined KNX In Depth to share how scammers are getting away with it.

“What happens is that the criminals have been replacing the QR codes that lead you to the right website with QR codes that lead you to other websites,” Rosenzweig said.

“In the simplest way, those websites then ask you to enter some information in order to, say, complete the menu order. Your name and your email address — [that’s] harvesting personal information from you.”

That might sound simple, but Rosenzweig — who is also the former deputy assistant secretary of Homeland Security — said it gets worse.

“In the more insidious versions, sometimes what those websites will do is what is known as ‘autoloader’ — autorun malware that’s now on that website and will try and port that into your mobile device,” he said.

“If that’s the case [scammers] could gain access to your mobile device and thus anything that’s on your mobile device…passwords, personal information, emails…pictures, you name it.”

The unfortunate part, Rosenzweig said, is that you may never know if you’ve been part of the scam, because the criminals have been known to design their links to route back to the correct website.

But here’s what you can look out for.

“Be hyper aware of the fact that any request for information is kind of suspect - other than what number table you’re sitting at,” Rosenzweig said.

“They don’t need your name to know that you’re ordering the chicken empanadas and a beef burrito! That’s not required.”

