entering the usernames and passwords. Cyber attackers however have been taking advantage of the QR code login technology to impersonate legitimate service providers, deceiving users into scanning the malicious QR code, which then redirects them to a malicious website, where login details are then collected to be harvested by the attacker.
If a user interacts with the malicious QR code and provides their details to the fake webpage, the attacker could take over the user’s account. A user's online banking or e-commerce account may be compromised, leading to theft of funds or the attacker purchasing goods with the user's details.
Solutions for avoiding falling prey to attacks include setting up multi-factor authentication, which is additional authentication factor should be required to log in to accounts. In addition, always type the URLs when making payments instead of scanning a QR code that could be set up to redirect you to malicious sites. Avoid installing apps through QR codes or installing QR code scanners (instead, use the one that comes with your phone's Operating System - OS). Finally, pay attention to the URLs that are generated after scanning QR codes, always be cautious when entering your data after scanning a QR code, and make sure that physical QR codes haven't been covered with malicious ones.
In conclusion, QR codes are being used by cybercriminals in phishing scams. A hacker impersonating a legitimate service provider sends malicious QR codes to a user in an E-mail, once the user scans the malicious QR code provided by the hacker, it automatically redirects the victim to a malicious webpage developed by the attacker, where sensitive data like login details are collected. The attacker can then use the login details to gain control of the user's accounts.
References:
https://www.hkcert.org/blog/introduction-of-qr-code-attacks-and-countermeasures