Caution Flags 

The radical simplicity and irresistible pull of the Coinbase spot was the talk of the post-game ad reviews. But out of the din of this discussion came another message — this one from the Federal Bureau of Investigation (FBI). Inc Magazine’s Jason Aten pointed to a warning they had issued a month prior to the big game – the first lines lay out the situation quite clearly:

The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

QR Codes Are Back, And Bigger Than Ever

Once again, it seems that bad actors have seized on a popular trend to help them do their dirty work. A simple technology dating back to the 90’s, QR Codes are on the rise lately – as they’ve become a very effective digital tool for marketers who want to quickly convert mobile phone readers into shoppers and buyers. The Wikipedia entry on QR codes gives you a quick grasp of just how powerful they can be when scanned on a mobile phone:

QR codes may be used to display text to the user, to open a webpage on the user’s device, to add a Card contact to the user’s device, to open a Uniform Resource Identifier (URI), to connect to a wireless network, or to compose an email or text message.

All you have to do is think about how hackers might use that kind of power, and you can quickly see that indiscriminate scanning of QR codes could lead you into some serious trouble. 

Two Primary Sources of QR Code Danger

The first danger with malicious QR codes is the fact that they can transport you seamlessly to a fake website. As with most hacks, the first layer of the transaction seems to be legitimate: the QR code works! The user arrives at a site that has the offer or information they were seeking. 

And this is when many users will let their guard down, and fail to notice telltale signs that the site isn’t legitimate. Super-sweetened offers can also play a role in softening up otherwise careful users. The bad website can be a collection point for private information and financial data, and the path to financial losses and ID Theft is paved.

The second danger is QR codes that include malware themselves. Once again, let’s turn to the FBI for — “just the facts”:

Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.

That’s about as bad as it can get. So, short of forsaking the use of all QR codes — how do you defend yourself?

What Can You Do?

Here are the five steps you can take – we discuss each below in more detail:

1. Get informed about what QR codes are and what they can do.
2. Make sure your device has good security software.
3. Use that security software regularly!
4. Before scanning any QR code, scan “the situation.” 
5. Make sure you land where you expected to!

You’ll be glad to know that you’re well on your way to completing the first step. We hope this article has helped in this regard, and if you want to get even more up-to-date on potential threats to you and your mobile device, we highly recommend these two companion articles:

Six Ways That Cybercriminals Try To Take Over Your Device – QR codes are covered here along with several other traps, like WiFi Honeypots, Fake Apps, and even Subtitles in Streaming Apps. Do give it a careful read – lots to learn here.

Can a QR Code Be Used In A Phishing Attack? – If you’ve followed us so far, you know the answer to this question is YES! But hit the link to get more information on how QR codes can bait the hook for hackers’ big Phishing expeditions.

Security Help

If you’re using dfndr security, make sure you activate the anti-hacking feature to protect you from scams and malware. dfndr security PRO plan also has a dedicated Safe App function to help sniff out apps that contain malware, and also provides complete Identity Theft reports should you suspect trouble.

Eyes Up!

But your awareness is always going to be your first line of defense. Remember that QR codes primary benefit is to help you connect to a specific spot on the web without your having to type in a URL. The “fun” of seeing this work is no doubt a major part of the success of that Coinbase ad. 

If you decide you do want to scan a QR code – make sure you can verify it’s from a trusted source, and take a good close look at the surroundings: the copy and design, the context of use. Is the code stuck on a wall outside a club? Or did it come to you via a traceable source like a mass mailing? If you can verify that the code is from a trustworthy source – make sure the landing spot is what you expected it to be.  

Just remember what your friends in the FBI told you: a QR code isn’t a game to be taken lightly — or a Pokemon type game where you have to capture and collect. They serve a very specific function, and they’re more powerful than they look. Treat QR codes with the same caution you’d give to any unknown app or web address.

The film tells the story of a conman who uses the Tinder app to insinuate himself into the lives of three female victims. In the film, Simon Leviev sets up elaborate romantic cons to appear as a wealthy diamond heir, then uses the trust he has gained to steal information, then money – only to use that money to fund the con for his next victim.

It’s a taut and dramatically told story, but without a clear moral or ending. (The New York Post has reported that Leviev has signed with a Hollywood agent, and “wants his own dating show.”)   

How To Stay Safe: Five Scammer Prevention Keys

But the moral for users of Tinder — and social media in general — are still the same: proceed with caution!  Below are a Five Keys to help you stay safe as you navigate dating apps like Tinder — they’re also useful guidelines for people you might meet on any other social app like Facebook:

• Do some research — and take your time. Before meeting in real life with anyone you’ve met online, take the time to do a little background research and find out if the person you’re speaking to is who they say they are. 

• Consider bringing a friend for the first date(s), and meet in public. Yes, this will keep you safer, and it might also help provide a more casual atmosphere where you can learn a little bit more about your new friend.

• Be sensitive about peculiar information requests. Spoiler alert: The Tinder Swindler orchestrated reasons to get Passport information, and then quickly put it to nefarious use. Whatever the reason given, a quick pivot to requests for detailed personal data is always a sure warning sign, especially in a new relationship.

• Keep your purse, phone, and ID’s close. Don’t overlook simple physical sources of data like these. Don’t leave them unattended. 
• If you have any suspicions, check in to things. If anything seems odd in terms of your interactions, don’t bury your head in the sand. A good security solution like dfndr security can help you track where your data is going and also protect your physical phone from theft. Stay on top of your bank and credit card accounts.

Remember: Most Scammers Don’t Do A Lot of Romancing

The Tinder Swindler is also a healthy reminder that most scams are not quite as elaborate as those cooked up by Simon Leviev.  But most scams operate on the same human emotions of romance and self-interest. 

Set some clear rules for yourself in the dating world – and also for when you’re answering emails and text messages — or when you’re looking for work on a job site.  If it looks too good to be true – it probably is! 

Is iOS Safe?

Every mobile operating system has its irregularities and flaws. However, many people still believe that iOS is 100% secure and its technology is not affected by scams or malware.

According to Emilio Simoni, director of dfndr lab, PSafe’s digital security lab, says that having an iOS doesn’t mean you can ignore all threats and risks on the internet, such as phishing, malware, and ramsonware. It’s important to know how to protect your iPhone from viruses, circumvent vulnerabilities, and watch over the privacy and security of your data.

According to a Forbes report, a survey revealed that 38% of all iOS apps contain critical vulnerabilities, the vast majority due to inaccuracies found in the early stages of app development. These types of flaws can give opportunities to hackers who are facilitating scams and consequently compromising the protection of Apple users. The number may be shocking, but that’s just the tip of the iceberg.

Symptoms of a Broken iOS

As the popular phrase says, “Prevention is better than the cure.” We’ve listed 5 characteristics of a broken iOS that are easy to spot:

Your Battery Doesn’t Last Long
When it is noticeable that battery life has shortened significantly with recent use or your iPhone takes longer to fully charge, malware could be a possibility. Another indicator may be if your phone feels unusually warm, which almost always points to software problems. If your device is warming up even without being used, it may mean that a virus is acting in the background.

Phone Performance Diminishes
The presence of malware on any system makes it operate poorly. It’s important to pay attention to any performance issues with your iPhone. Unusual slowdowns, apps that suddenly close or crash excessively are some indications that something is not right.

Your Data Runs Out
If you notice a spike in your data charges, it may be that there are malicious apps that run even with the screen locked, draining data sneakily from your phone.

There’s Non-User Activity
Links, messages, posts, likes, and shares that you did not perform may point to an identity theft case. If a hacker has access to your device, they also have access to all the accounts linked to it.

Phone Makes Strange Sounds
During a call, a compromised iPhone may make strange background noises, often described as echoes, squeaks, or clicks. These sounds can be caused by a weak signal, interference, or the worst scenario possible: someone is listening to your microphone. Be aware of any odd sounds your iPhone makes when not in use.

How to Protect my iOS from Scams

The dfndr lab experts have put together key measures to keep your iPhone safe: 

Choose a Strong Password
Always, always create good passwords for your accounts. They should be alphanumeric (composed of letters, numbers, and symbols). Also, it’s important that you have a different password for each online account. Avoid sequences like “1234abc” or important dates. Security experts also recommend changing your password every 30 days.

Keep Your Operating System Current
It’s essential that iOS is always the latest version, as hackers occasionally encounter exploitable coding flaws, making it easier to access personal data. Apple offers periodic updates as a way to correct these inconsistencies, so in addition to protecting your iPhone from viruses, it also improves performance overall.

Don’t Click on Suspicious Links
Be wary of links that offer great deals and discounts, especially if they are advertised in messaging apps such as WhatsApp. In addition, fake news also presents a certain risk that goes well beyond misinformation. Always research the information to make sure it’s from credible sources. When in doubt, do a link analysis, such as the offered by dfndr lab. The link checker lets you know if a site is dangerous without having to access it.

Use Trusted Antivirus
There is controversy about using security applications for the iPhone. But, according to Simoni, there will always be cybercriminals looking for vulnerabilities, whether on the Android or iOS system. It’s vital to keep a good security system installed on your phone to keep it secure. dfndr security is available for Android and iOS provides several tools to protect you against identity theft, malicious links, scams, and fake websites. You can download dfndr security for free here.