Be Aware Before Sharing Your Personal Information
Last month, the FBI issued an alert about malicious Quick Response (QR) codes—square bar codes that can be scanned by a smartphone’s camera to launch a website.
QR codes have exploded in use since the beginning of the COVID-19 pandemic, offering touch-free ordering at restaurants and retail shops. Cybercriminals have also increased their use of the codes, pointing people to malicious sites that try to steal personal information, install malware on a victim’s device, or redirect financial payments.
Another common hack tactic that’s growing in popularity is fake QuickBooks invoices. As more and more businesses adopt Intuit’s easy-to-use accounting program, the company has promoted its add-on email invoice service. This allows for automated invoice generation, sending, receiving, and tracking—a huge boost for small to medium-sized businesses.
However, scammers have caught on and are starting to imitate these emails, which look similar to QuickBooks messages but point payees who click on a “Review and Pay” button to an illicit website. Once there, the hacker can steal ACH, banking account, and credit card details. This can have a negative impact on both parties—the customer who has their information compromised and the company who loses out on payment and has their reputation affected.
How can protect yourself against increasing QR and QuickBooks scams?
CMIT Solutions has collected the following five tips to keep your personal and business information safe.
1. Look for evidence of physical tampering with QR codes.
The most obvious way that hackers attempt to alter a physical QR code is with a sticker. In retail settings, look for temporary adhesives or other signs of tampering. If you spot a problem with an existing code, alert the business before scanning it.
2. Carefully check the website to which a QR code directs you.
Most smartphone camera apps will display the first part of a URL before opening it. Make sure it matches the company’s name and doesn’t include random strings of letters and numbers. Once the website does load in your browser, check the URL in detail again—especially before entering any personal information.