- The FBI has warned that North Korean cybercriminals are stepping up their crypto hacking efforts
- DPRK agents are increasingly using QR codes to steal personal and financial information
- The FBI advises caution when scanning QR codes and recommends verifying their legitimacy before use
The Federal Bureau of Investigation (FBI) has raised concerns over a surge in cyber scams from North Korean actors involving QR codes. Criminals are either replacing legitimate QR codes with fake ones or creating fraudulent codes that redirect users to malicious sites, leading to loss of funds. The agency urges crypto users to be vigilant, especially when scanning codes in public spaces, and to check for any signs of tampering.
QR Codes Are the Next Frontier
The FBI issued its warning through a public service announcement yesterday where it cautioned the public about a new wave of cyber scams stemming from North Korea:
North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence of this malicious activity, even those well versed in cybersecurity practices can be vulnerable to North Korea’s determination to compromise networks connected to cryptocurrency assets.
According to the agency, cybercriminals are increasingly using QR codes to defraud unsuspecting individuals by altering them or creating fake ones to redirect users to malicious websites. These sites are designed to steal sensitive information, including financial and personal details.
Public QR Codes Being Manipulated
One tactic scammers use is replacing legitimate QR codes, such as those found on advertisements or public spaces, with malicious ones. This tactic is particularly effective in locations like restaurants, where digital menus and payments via QR codes have become commonplace. Users often unknowingly scan the fraudulent code and are directed to a fake website that prompts them to enter personal or financial information.
In some cases, scammers also use QR codes to lead users to phishing sites or initiate fraudulent payments. “Cybercriminals can quickly replace a genuine code with a fraudulent one, often without the victim noticing,” the FBI said.
The FBI advises the public to take specific precautions, including carefully inspecting QR codes for any signs of tampering, avoiding scanning codes from unknown sources, and disabling automatic QR scanning on their devices.
The agency also recommends manually entering the URL of a website instead of relying on scanned QR codes when possible. The warning comes a month after Bitrace uncovered a QR code scam involving Bitcoin traders.