FBI Warning—If You Ever See This QR Code, It's An Attack
QR code attacks are not new. We have malicious codes included in phishing PDF files to bypass security filters, printed and stuck to parking meters, even sent in the mail. The latest scam is just as simple. And it all starts with a delivery at your home.
Criminals are sending 'unsolicited packages,' the bureau says, which contain a QR code 'that prompts the recipient to provide personal and financial information or unwittingly download malicious software that steals data from their phone.' if you receive an unexpected package with no sender details and a QR code, it's one of these attacks.
To trick you into scanning the code, 'the criminals often ship the packages without sender information.' The FBI says this is similar to 'brushing scams,' where you're sent a product you didn't order, enabling a criminal to post an online review on your behalf.
There are many reasons to 'beware of unsolicited packages containing merchandise you did not order,' but you'll be tempted to open the package given it will have your address. But 'do not scan QR codes from unknown origins,: the FBI says. And 'beware of packages that do not include sender information.'
QR codes look benign but they're not. Zimperium's Nico Chiaraviglio warns that research shows that attackers are increasingly leveraging multiple mobile-specific channels—including SMS, email, QR codes, and voice phishing (vishing) — to exploit user behaviors and expand their attack surface.'
This latest FBI warning comes just as citizens are told voice message attacks impersonating well-known individuals to entice engagement are also surging. And we have seen countless SMS warnings over the last 12-months (1,2,3)
'If you believe you are the target of a brushing scam,' the FBI says you should 'secure your online presence by changing account profiles and request a free credit report from one or all the national credit reporting agencies.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Android Authority
a minute ago
- Android Authority
These $80 Windows XP Crocs just made me desperate for Android footwear
Techradar TL;DR Microsoft has created Windows XP Crocs as part of its 50th anniversary celebrations. The custom footwear features a sky blue design with grassy green soles that mimic the conic Bliss wallpaper from the XP era. All I want is for Google to make Android Crocs a thing! Microsoft just did the unthinkable and made Windows XP cool again after almost 25 years. The software giant has released a pair of Windows XP-inspired Crocs, and now, all I can think of is how cool it would be if Google made some Android Crocs! You can buy Android Croc charms from the Google Store, but a fully custom-designed pair of Crocs would be so cool, just like these Windows XP ones. In celebration of its 50th anniversary, Microsoft has gone full nostalgia mode with a limited-edition pair of Windows XP-themed Crocs. The shoes feature a sky blue design with grassy green soles that mimic the iconic Bliss wallpaper from the XP era. If that's not enough, each pair of Windows XP Crocs also comes with a six-pack of Microsoft charms, including the MSN logo, Internet Explorer icon, Clippy, and a good old-fashioned mouse pointer. The Verge first reported on the nostalgic footwear, and TechRadar confirmed that the Crocs are very real. Looks like Microsoft employees are getting first dibs via preorder before the rest of the world can clog a pair. The Windows XP Crocs are $80 and even come with a matching Bliss drawstring backpack. I love Microsoft, but I can't help wanting my own Android pair for obvious reasons. I have a whole collection of Android pins collected painstakingly from Mobile World Congress over the years. I even use some of them as earrings once in a while. But now, all I want is Android Crocs. Picture a bright green shoe with little bugdroids across the strap, charms shaped like old Nexus phones, the original Android robot logo, and maybe even a scannable QR code. Make the Android Crocs happen, Google, for the nostalgia, for the pins, and for my feet. Article body continued Follow
CBS News
a minute ago
- CBS News
Ex-DOGE staffer allegedly injured in attempted carjacking — leading Trump to float federal takeover of D.C
Former Department of Government Efficiency staffer Edward Coristine was allegedly assaulted in an attempted carjacking in Washington, D.C., over the weekend, according to police records obtained by CBS News — an incident that led President Trump to threaten to put the nation's capital under federal control. 19-year-old Coristine — who is known for his online moniker "Big Balls" — was allegedly surrounded and assaulted by a group of approximately 10 teenagers near his car early Sunday morning, according to a report from the Metropolitan Police Department. Two 15-year-olds were arrested and charged with unarmed carjacking. Coristine and his significant other later told police that they "saw the suspects approach and make a comment about taking the vehicle," and "for her safety, he pushed his significant other … into the vehicle and turned to deal with the suspects," the police report said. Police officers who were patrolling the area spotted the incident and stepped out of their cruiser, leading most of the teens to flee on foot, but two of the assailants were stopped, identified by Coristine and arrested. The two arrestees were identified by police only as a 15-year-old male and a 15-year-old female from Hyattsville, Maryland. Police said in a statement that "multiple suspects remain outstanding." Emergency medical services did not transport anybody as part of the incident, D.C. Fire and EMS told CBS News. A black iPhone 16 was also stolen, the report said. Prior to the police report's release, Mr. Trump posted about the incident on Truth Social, sharing a photo of what appeared to be a bloodied "incredible young man" whom he said was "beaten mercilessly by local thugs." Billionaire Elon Musk — the former leader of DOGE — later said the victim was a member of DOGE. He wrote that the staffer spotted a group of people allegedly attempting to assault a young woman, and "ran to defend her and was severely beaten to the point of concussion," although Musk's description of the incident did not align with the police report and the extent of Coristine's injuries was unclear. CBS News has reached out to Musk for comment. Mr. Trump said crime in the nation's capital is "totally out of control" and called on authorities to "prosecute these 'minors' as adults, and lock them up for a long time, starting at age 14." The president also threatened to put D.C. under federal control if the city doesn't "get its act together, and quickly." "If this continues, I am going to exert my powers, and FEDERALIZE this City," he wrote. Mr. Trump has backed the idea of federalizing D.C. in the past. The Constitution gives Congress the power to govern the city, but since 1973, the federal government has allowed D.C. residents to elect a mayor and city council that handle most aspects of local government. The city's autonomy is still limited, with Congress maintaining the right to override local laws — and Congress could choose to repeal the city's 52-year-old self-rule. Jeanine Pirro, the U.S. attorney for D.C., said in a statement: "It's time we start taking crime more seriously irrespective of the age of the criminal. No longer can we coddle young criminals while innocent victims are being assaulted and maimed and young criminals avoid consequences. It's time for this to end." Coristine was one of the best-known members of Musk's DOGE team, which swept through the federal government earlier this year in an effort to cut government spending. He was involved in DOGE efforts at the U.S. Agency for International Development, the Social Security Administration, Health and Human Services and other agencies. Coristine resigned from the federal government in late June. He rejoined federal service days later as a special government employee with the Social Security Administration, which told CBS News at the time he would focus on "improving the functionality of the Social Security website." In May, Coristine was part of a roundtable of DOGE employees who were interviewed alongside Elon Musk on Fox News' "Watters' World." He said his work involved looking at "payment computers" in the federal government. Asked about his "Big Balls" pseudonym, Coristine explained that it was a tongue-in-cheek username he chose on LinkedIn. "People on LinkedIn take themselves super seriously, and they're pretty averse to risk. And I was like, 'Well, I want to be neither of those things,'" he Navarro contributed to this report.
CBS News
2 minutes ago
- CBS News
Grand Prairie council censures Mike Del Bosque following assault allegation
After hearing from 60-year-old Austin real estate broker David Collantes, Grand Prairie council members voted Tuesday night to censure councilman Mike Del Bosque. "I think it was the right vote," David Collantes said. "Someone with that kind of temper should not be running for public office." Last April, Collantes reported he was attacked by Del Bosque while he was looking at a property the councilman owns. He says the building was being turned over to another owner after a default judgment, but Del Bosque didn't want him showing the property. "I just was fighting for my life, literally," he said. Surveillance video obtained exclusively by CBS News Texas shows the councilman taking Collantes to the ground, smashing his cell phone, and trying to grab his wallet. The encounter led to his arrest for misdemeanor assault and criminal mischief. After Tuesday's vote, he had this to say: "I'm man enough to do what needs to be done and I took accountability, and I did apologize, but again, we're not going to get in the depth of this because this case is still in litigation," Del Bosque said. "He's doing it to save his own skin," Collantes said. "If he really was truly remorseful, he would've contacted me four months ago. I expected a little bit more, maybe some of the City Council members saying this behavior should not have been tolerated." Del Bosque's attorney has said this video doesn't tell the full story. "David Collantes entered our client's private property," Phillip Linder said. "The back door was in a private office. The female staff felt threatened and when asked to leave he used expletives." But Collantes says that's not true and believes this video speaks for itself. "I never entered his business in the back door," he said. "I plan to continue to follow this and I'm not going to give it up. I will continue to press forward and make sure that justice is served." The Dallas County District Attorney's office says the case will be prosecuted like any other.
