Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Another rare security + squid story:

The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social media platform WeChat. What she didn’t notice was that she’d included the QR code on her table, which the restaurant’s customers use to place their orders.

Even though the photo was only shared with her WeChat friends list and not the entire social network, someone—or a lot of someones—used that QR code to add a ridiculous amount of food to her order. Wang was absolutely shocked to learn that “her” meal soon included 1,850 orders of duck blood, 2,580 orders of squid, and an absolutely bonkers 9,990 orders of shrimp paste…

Continue reading Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

QR codes can eat your lunch, FBI warns

QR codes are among the few “winners” of the coronavirus pandemic, the joke goes, because restaurants and other businesses have deployed them in far greater numbers over the past few years, in an effort to make more interactions contactless. The FBI is warning, however, that scammers love them, too. The bureau’s Internet Crime Complaint Center (IC3), issued a general alert Tuesday about “malicious” QR codes that reroute unsuspecting consumers to the world of cybercrime. “[C]ybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use,” the announcement says. The FBI’s warning is the latest in a long string of advisories from cybersecurity researchers or government agencies about the threat posed by QR codes. Last week, Ars Technica reported on fake QR codes on fake QR codes that were […]

The post QR codes can eat your lunch, FBI warns appeared first on CyberScoop.

Continue reading QR codes can eat your lunch, FBI warns

Food-delivery fraudsters deploy hacked accounts, stolen credit card info to skim from orders

Food delivery apps have taken off during the pandemic, and it looks like fraudsters have taken notice. Fraud detection company Sift said Thursday it has seen a rash of scams within the chat app Telegram that target restaurants and delivery apps for theft. It’s a low-level grift that goes like this: The fraudsters advertise in Telegram forums that they can illicitly buy food orders at steep discounts, around 60%-75% off. Diners send a direct message with a screen shot of their food app shopping cart and delivery address. The diner then pays the fraudster for the discounted meal in cryptocurrency, and the fraudster in turn covers the full cost through a new account, stolen credit card information or a hacked account. Diners get their food at a discount, restaurants are stuck with bogus payments, and the crooks get away with a profit. And all of it happens in a chat […]

The post Food-delivery fraudsters deploy hacked accounts, stolen credit card info to skim from orders appeared first on CyberScoop.

Continue reading Food-delivery fraudsters deploy hacked accounts, stolen credit card info to skim from orders

Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software

The modular malware is highly sophisticated but may not be able to capture credit-card info. Continue reading Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software

Another fast-food hack, this time at Checkers and Rally’s restaurants

Checkers Drive-In Restaurants says hackers compromised payment machines at more than 100 of the fast-food company’s locations, providing the latest example of how buying a drive-through cheeseburger can come with the risk of a data breach. Point-of-sale malware was lurking at 102 of Checkers and Rally’s locations in 20 states, the Florida-based company said in a bulletin Wednesday. Thieves collected data stored on magnetic card strips, including cardholders names, payment card numbers, card verification codes and expiration dates — everything they would need to steal to conduct their own transactions or re-sell that data on cybercriminal forums. The exposure period for many of the affected stores ended in April, though some locations were vulnerable dating back to 2016 or 2015, in the case of one California restaurant. The company did not specify the number of customers affected. Checkers didn’t offer many details about the hack, but the almost non-stop breach disclosures from similar […]

The post Another fast-food hack, this time at Checkers and Rally’s restaurants appeared first on CyberScoop.

Continue reading Another fast-food hack, this time at Checkers and Rally’s restaurants

Hackers Stole Customers’ Credit Cards from 103 Checkers and Rally’s Restaurants

If you have swiped your payment card at the popular Checkers and Rally’s drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction.

Checkers, o… Continue reading Hackers Stole Customers’ Credit Cards from 103 Checkers and Rally’s Restaurants

The limits of coworking

It feels like there’s a WeWork on every street nowadays. Take a walk through midtown Manhattan (please don’t actually) and it might even seem like there are more WeWorks than office buildings. Consider this an ongoing discussion about Urban Tech, its intersection with regulation, issues of public service, and other complexities that people have full […] Continue reading The limits of coworking

Pacific Northwest burger chain hit by FIN7

Fast-food chain Burgerville revealed Wednesday that its customers’ credit and debit card information was stolen by the international cybercrime group known as FIN7. The company, which has over 40 locations in Oregon and Washington, said customers that used a credit card at any of its locations between September 2017 and September 2018 should consider their cards compromised. Burgerville says the information taken includes names, card numbers, expiration dates and CVV numbers. “We realize that this intrusion was not only on Burgerville’s system, but also on your life,” Burgerville interim CEO Jill Taylor wrote in a letter to customers. “This isn’t what you expected to happen when you came to visit one of our locations.” The company learned of the intrusion in August when the FBI reached out after it announced the arrest of three men tied to FIN7. In the indictment, the Department of Justice named a number of businesses based […]

The post Pacific Northwest burger chain hit by FIN7 appeared first on Cyberscoop.

Continue reading Pacific Northwest burger chain hit by FIN7

Me on Restaurant Surveillance Technology

I attended the National Restaurant Association exposition in Chicago earlier this year, and looked at all the ways modern restaurant IT is spying on people. But there’s also a fundamentally creepy aspect to much of this. One of the prime ways to increase value for your brand is to use the Internet to practice surveillance of both your customers and… Continue reading Me on Restaurant Surveillance Technology