If You Scanned That QR Code from the Super Bowl (Or Any QR Code), the FBI Has a Warning for You

The most talked about ad from the Super Bowl this year was a colorful QR code. If you pointed the camera at it, you were taken to the website for the exchange. It is a very simple way to get some attention.

The ad generated so much traffic that it crashed the app, which is a bad thing when you're trying to convince people they should trust you with their financial assets. The QR code seems to be making its way into the mainstream.

Covid-19 is one of the reasons. Customers can now get information without having to hand them a piece of paper or type a URL in a browser.

There is a problem. Not every QR code is what it seems, and they have become a tool for bad actors. The FBI wants consumers to be aware of the risks of scanning a QR code and taking steps to protect their information. There is an important lesson that can be learned from the FBI warning, not just for consumers, but for business owners as well.

Instead of asking someone to remember a website, you simply put it in the code. They take the code directly to the page you want.

A restaurant can put its menu online, put a sticker on the table with a code that can be scanned with a phone, and have diners view the menu on their phone. As businesses tried to figure out how to safely operate during a Pandemic, the idea that you wouldn't have to pass food back and forth between people was very appealing.

Payments can also be made using QR codes. Users can send money to each other with the help of PayPal and Venmo. Whenever a new technology makes it easier to get people to visit a website or send money, someone is going to abuse it. That is the warning the FBI sent last month.

"Cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim's device, and redirecting payment for cybercriminal use."

Even though the FBI was talking about QR codes, the most widely-used one was the one from Coinbase. A large number of people scanned the code after seeing the ad.

What happens when a bad actor decides to take advantage of the publicity and send out emails with QR codes telling people they can Scan it and take advantage of an offer? It is easier to scam someone into handing over their personal information if the website you are visiting is obscured by a QR code.

If I made a website at the domain coinbasead.stealyourbitcoin.ru, you are probably not going to type that into a website. If I send it out in a convincing email, you will see it, but you will not pay much attention to the rest of it. It is easy to make a website that is designed to steal your personal information.

The FBI warns that malicious QR codes may contain embedded software that can allow a criminal to gain access to the victim's mobile device and steal the victim's location, as well as personal and financial information.

This is less of a concern on an Apple device because you can't download software from a web browser. It doesn't mean that a bad actor can just create an app that runs in the browser. It's a bigger threat when you can download software directly from the internet on devices like anANDROID.

There are a few things you can do to protect yourself.

First, look for a trusted source. If your server places a table tent with a code on it so you can view the menu, you are probably fine.

If you walk up to an ATM and there is a sticker next to the screen that says "Make your transaction online using this code and we will give you $50", it is probably a scam. I wouldn't ever use a QR code on a sticker without first asking, to be sure it's legit.

Make sure that the website you visit is legit when you use a QR code. Make sure the URL is what you were expecting. Don't ever enter your personal information on a website without checking that it is secure.

If you get an email with a QR code, there is no reason to check it out. You can't just click on a link with aQR codes. The person sending the email should include a link in the body of the email.

There are a couple of things that you should do if you are a business that usesQR codes. Make sure that the one your customers use is the one you created. It means making sure no one has covered the official code with a sticker.

Customers have peace of mind when scanning your code with the URL on your sign. This code will take you to our menu at menu.reallynicerestaurant.com. If it does not, please let us know, and don't enter any personal information.