Connect with us


Hackers Use QR Codes to Steal Your Money

The use of QR codes rose during the pandemic and hackers took advantage of the opportunity to steal financial data.



The use of QR codes rose during the pandemic and hackers took advantage of the opportunity to steal financial data.

QR codes with their square barcode regained their popularity when the pandemic began because consumers found them easy to use and businesses did not have to worry about contamination from contact.

Many companies, especially restaurants started using QR or Quick Response codes and swapped them out for menus since customers could scan them from their smartphones within a few seconds. Other industries adopted QR codes for coupons, bills or to learn more information about a topic or person. Coinbase ( (COIN) ), the cryptocurrency exchange platform, even shelled out nearly $14 million for a 30-second Super Bowl commercial in January that only featured a QR code.

As demand for QR codes rose, cybersecurity criminals also noticed the opportunity to steal personal or financial data from a consumer and earn a quick payday.

“Anything consumers will use and trust will eventually be used by hackers,” John Bambenek, principal threat hunter at Netenrich, a San Jose, California-based digital IT and security operations company, told TheStreet. “Criminals will use anything they can to steal a buck.”

Hackers are tampering with QR codes because their use has become widespread and tampering with them is simple, Hank Schless, senior manager, security solutions at Lookout, a San Francisco.-based security service edge provider, told TheStreet. Some contain malicious links embedded with malware so cybercriminals can easily obtain your data such as credit card information or social security number.

QR codes have made a resurgence since the pandemic, including event registration. They are just “another tactic hackers are using to get past traditional security services much like smishing where fraudulent text messages are sent from what appears to be a real company or phishing in Microsoft Teams, and Zoom,” Patrick Harr, CEO of SlashNext, a Pleasanton, Calif.-based anti phishing company, told TheStreet.

How To Scan QR Codes Safely

Consumers believe scanning QR codes are harmless, but they are actually “inherently untrustworthy,” Casey Ellis, CTO at Bugcrowd, a San Francisco-based crowdsourced cybersecurity company, told TheStreet.

“COVID has brought them into use cases where they are highly trusted,” he said. “Once you've gotten used to scanning a QR without thinking about it from a security standpoint, it becomes a pretty attractive payload delivery vehicle for attackers.”

Fraudsters are often one step ahead and devious in their strategies to lure unsuspecting people into scanning or clicking on a link. QR codes are used to sign into accounts, exchange contact information and make money transfers or provide contactless pay options.

QR phishing attacks are on the rise because they require so little effort to be successful. For one, the codes are physical displays, meaning a harmless one can easily be covered with a nefarious one that brings users to a malicious website. This makes it easy for cybercriminals to “display” the legitimate site that steals login credentials or installs malware.

Phishing is a common type of threat where hackers pretend to send emails from legitimate companies and ask for personal data.

“Threat actors have found that QR codes are one of the most effective ways to deliver malicious links so you need to understand that while QR codes make contactless interactions seamless, they also make it easy for attackers to send you malicious links,” Schless said. “Once a credential is stolen, it makes it easy for attackers to steal personal and corporate data alike.”

Always check the URL on the notification before clicking to be redirected, he recommends.

“If the URL does not look like a trusted source or differs from the known company’s URL, exit out of the notification,” Schless said. “I strongly recommend that you think about QR codes the same way you think about other phishing tactics like email scamming and social engineering.”

Attackers and pranksters have printed counterfeit QR code stickers and put them on top of existing QR codes, Ellis said.

“Having a quick look to see if the QR code looks out of place, seems to be a sticker when it shouldn't be, might help folks avoid risks,” he said.

Avoid These Tasks From a QR Code

QR codes are often used to present information and help consumers avoid typing in long strings of data such as account numbers legitimately. People should “exercise additional caution when being asked for sensitive information like credit card details, passwords and personal identifiable information,” Ellis said.

The FBI warned consumers in January that criminals were using QR codes to steal data, embed malware to gain access to the victim's device and redirect payment for cybercriminal use. Recovering money after it has been transferred can not be guaranteed, the FBI said.

“A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information,” the FBI said. “Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts.”

Consumers should avoid downloading an app from a QR code and instead use the app store for a safer download, the FBI said. Another scam involves receiving an email stating a payment failed from a company where a recent purchase was made. If the company states “you can only complete the payment through a QR code, call the company to verify,” the FBI said.

Avoid downloading QR readers from a QR code because it is often a trick used by scammers “just like getting people to download fake antivirus on their laptops where the download app is actually malware,” Brian Contos, chief security officer of Phosphorus Cybersecurity, a Nashville.-based IoT security company, told TheStreet.

“It's a good practice not to download anything from a QR code scan,” he said. “Be skeptical and don't share sensitive information unless you are sure it's legitimate. A sticker or flier on a light pole should be sounding an alarm in your head. If someone is requesting a payment, on a parking ticket for example, you can trust that there are going to be multiple methods for someone to pay.”

One method that is gaining popularity is using QR codes for parking meters. The bar codes direct users to a website where they can enter their payment information or download an application to pay, Alex Hamerstone, director of advisory solutions at TrustedSec, a Strongsville, Ohio-based ethical hacking and cyber incident response company, told TheStreet.

“A scammer can create a QR code that directs to their scam website that looks authentic, print stickers with that QR code and place the stickers over the legitimate QR code to send users to their scam site and collect their bank and credit card information or other personal data.”

Read More

Continue Reading


Sam Bankman-Fried could spend up to $1B in 2024 to thwart Trump comeback

The FTX founder said he’d spend “north of $100 million” with a “soft ceiling” of $1 billion and added “who knows what’s going to happen between…



The FTX founder said he’d spend “north of $100 million” with a “soft ceiling” of $1 billion and added “who knows what’s going to happen between now and then.”

The billionaire founder and CEO of theFTX cryptocurrency exchange Sam Bankman-Fried has revealed he intends to spend anywhere between $100 million and $1 billion to help influence the 2024 United States presidential election campaigns.

In a podcast interview on May 24 Bankman-Fried was asked how much money he might donate during the next presidential election cycle, answering he’d give “north of $100 million” with a “soft ceiling” of $1 billion if he were to bankroll the person running against former president Donald Trump.

“I would hate to say hard ceiling because who knows what’s going to happen between now and then.”

According to the government watchdog OpenSecrets, which tracks data on campaign finance and lobbying, a $1 billion donation would break existing records multiple times over.

The largest individual political donors are currently the Republican business owners Sheldon and Miriam Adelson who spent $218 million in 2020.

Bankman-Fried continued by saying the amount he donates is “super contingent” and “really dependent on exactly who's running where and for why,” adding it’s likely he would spread the money across multiple organizations.

“I think that I'm going to be looking a lot less at political parties from that perspective and a lot more about sane governance and ads for the things that I care the most about.”

He said one of the most important issues to him is preventing the next pandemic which he thinks would cost “tens of billions of dollars.”

“The United States has both a big opportunity and big responsibility to the world to shepherd the West in a powerful but responsible manner,” and added that everything the country does has “massive ripple effects on what the future looks like.”

Bankman-Fried has donated millions to politicians in the past contributing $5.2 million in donations to now-President Joe Biden’s 2020 election campaign.

Related: Sam Bankman-Fried: The crypto whale who wants to give billions away

He also backs the political action committee (PAC) “Protect Our Future” set up in January 2022 which to April spent $9 million supporting Democratic candidates.

Earlier in May the PAC spent in the range of $8 to $10 million backing Carrick Flynn who failed to win the Democratic primary election for the newly created Oregon 6th District seat in the U.S. House of Representatives.

However, there may be a scenario where Bankman-Fried decides not to donate any money at all, although he thinks the possibility of that is “very low”:

“There's a world which ends up being close to zero if things just work out such that there isn't much I'm excited about.”

The FTX CEO didn’t state in the interviews which crypto related policies he would push for. Over at rival exchange Coinbase, efforts are ramping up in terms of lobbying for crypto favorable policies with last week’s announcement of a “crypto native” think tank, the Coinbase Institute.

It will publish research on crypto and Web3 to bolster the exchange's lobbying efforts. In 2021 the firm was the biggest spending blockchain company in terms of lobbying with over $1.3 million spent.

Read More

Continue Reading


Questions arise on Y Combinator’s role in startup correction

Some are pointing the finger not just at late-stage capital pools that poured too much liquidity into the startup market — some startup players are irked…



A chill has descended onto the global startup market, albeit not evenly. Venture capital totals are sagging in most geographies, and falling share prices for tech companies large and small have soured sentiment on the future value of high-growth and often cash-hungry startups.

The end of the lengthy startup boom that first formed in the wake of the 2008 financial crisis and largely powered through until the final months of 2021 is shaking out, changing how the market views certain entities.

The Exchange explores startups, markets and money.

Read it every morning on TechCrunch+ or get The Exchange newsletter every Saturday.

Every business cycle has winners and losers, heroes and villains. Some earlier winners turned out to be losers. Tiger, the mega-crossover fund, has evolved from a market-dominating change agent in technology financing to a bag holder. SoftBank’s various Vision Fund efforts are suffering. And some crypto investments that looked to be massive wins have sputtered.

Torben Friehe, CEO of Wingback (YC W22), told TechCrunch earlier this year that many founders that he has spoken to have decided to hold off on fundraising in the current climate, adding that other founders from “across the ecosystem” are saying “that if you have to fundraise right now, you basically have to cut whatever you’d planned to raise back in January in half.”

The winners and losers scorebook isn’t that hard to draw up. But the heroes and villains ledger is a bit more difficult. But with the startup market so changed, so quickly, whiplash is setting in among the investing class. And some are pointing the finger not just at late-stage capital pools that poured too much liquidity into the startup market — some startup players are irked at accelerators, Y Combinator in particular. Let’s talk about it.

The return of fear

The latest missives from venture players are once again downturn letters. We last saw a round of these notes when COVID-19 first hit the world outside of China, leading to economic calamity and lockdowns. Investors warned startups to buckle up for bad times. But, as we now know, the bad times never came for most of them.

Instead, ironically, the pandemic became an accelerant of sorts, pushing more business toward tech companies that helped other concerns operate remotely; an accelerating digital transformation was another tailwind bolstering the tech sector, giving startups a shot in the arm.

The most recent round of warnings from venture capitalists appears more frequent than we saw in 2020, leading our own Natasha Mascarenhas to note over the weekend that “everyone is drafting their own startup Black Swan memo.” Among the various firms that sent advice to their portfolios was Y Combinator.

Y Combinator, or YC for short, is the world’s best-known accelerator. Its expanding cohort sizes, twice-yearly cadence and “standard deal” made it a trendsetting startup program; one that has sufficient heft to influence the overall direction of the early-stage market for funding upstart technology companies. And, after starting life offering “about $20,000 for 6% of a company,” YC raised its terms in 2020 to “$125,000 for 7% equity on a post-money SAFE,” along with reduced pro-rata rights “to 4% of subsequent rounds.”

That changed again in early 2022, when YC added a $375,000 note to its deal, offered on an uncapped basis but with most-favored-nation status. In essence, YC conserved its ability to collect 7% of startup equity early, with extra capital provided to its portfolio companies to put to work.

Over the last few years, YC has raised the valuation bar for its startups, from around $333,333 (6% of a company for $20,000) to $1.79 million (7% of a company for $125,000). Even more, the additional capital it now offers on an uncapped basis likely worked to cement early-stage startup expectations that their accelerator valuation was market valid.

Abhinaya Konduru, an investor at Midwest-focused venture fund M25, told TechCrunch that her firm has “been skeptical of a couple of national accelerators’ valuation practices from an investing standpoint even before the last couple of years,” adding that changes to early-stage valuations from select accelerators — she did not call any program out by name — “made it even harder to consider those companies for an investment to the point where [M25] stopped looking at them.”

Read More

Continue Reading


Bitcoin, Gold and Bonds could dominate 2022 – Bloomberg Intelligence

Inflation is arguably out of control globally, with rates hitting as high as 9% in the United Kingdom while the M1 money supply grows.
The post Bitcoin,…



Inflation is arguably out of control globally, with rates hitting as high as 9% in the U.K. while the M1 money supply grows. The stock markets have taken a massive hit, with over $7 trillion wiped off the Nasdaq in the last four months.

A senior analyst at Bloomberg Intelligence, Mike McGlone, said:

“If stocks are going limp, Bitcoin, Gold, and Bonds could rule.”

McGlone shared the chart below to support his claim.

Source: Twitter

This spread chart shows the U.S. Treasury 10-year bond yield in orange and the price of Bitcoin against the NASDAQ 100 over the past four years. At the bottom of the Bitcoin bear market, around 2018, the chart shows a double bottom ratio of 0.5 before rising to 2.0 in early 2021.

The ability of Bitcoin to hold the 2.0 ratio since January 2021 indicates that it is performing well amid its first potential recession. The last extended global recession occurred due to the 2008 financial crisis, which was a year before the birth of Bitcoin.

Since its inception, Bitcoin has flourished in a thriving global economy. The COVID-19 hurdle of early 2020 was surpassed due to trillions of dollars flooding into circulation, much of which made its way into cryptocurrency. As the world deals with the impact of the rapid increase in money supply, Bitcoin appears to be holding firm compared to other risk-on investments.

McGlone states that “Greater Risk in About a Year May Be #Deflation.” However, his overall sentiment continues to focus on the ability of Bitcoin and Gold to outperform the market in the near future. 

“Following an extended period of outperformance, an underperformance period may be overdue for the #stockmarket, which may shine on #gold and #Bitcoin. The BOLD1 Index (gold, bitcoin combo) has kept pace with the Nasdaq 100 Stock Index in a bull market and with lower volatility.”

The supporting chart shows the declining volatility of BOLD1 against the NASDAQ 100 index since 2019.

BOLD1 chart
Source: Twitter


The post Bitcoin, Gold and Bonds could dominate 2022 – Bloomberg Intelligence appeared first on CryptoSlate.

Read More

Continue Reading