Examining the Latest Scam: Fake QR Codes on Parking Meters
As online technologies have become an inseparable part of business, government, and everyday living, the bad guys find innovative ways to take advantage. One new and surprising scam? QR codes on parking meters.
What Are QR Codes?
Quick response codes, or QR codes as they are commonly known, are barcodes that smartphone cameras can easily read. Businesses first started using them in the mid-Nineties to track packages and vehicles. And while they’re still widely used for logistics purposes, they’ve found much broader use in marketing and sales. When consumers open a QR code, they may see a special message, be taken to a business website, receive a discount at the point of sale, and more.
While their usage enjoyed steady growth throughout the Nineties and into the 2010s, interest began to wane somewhat among the business marketing community. However, QR code usage skyrocketed throughout the pandemic, as businesses and government agencies sought an easy, contactless method to convey and gather information and help individuals perform simple tasks. Some of the most common applications have included:
- Restaurant waitstaff having diners scan a QR code to view their menus on smartphones, helped them avoid handling physical menus, and restaurants keep their menu updated and accurate in the wake of supply chain shortages.
- Healthcare providers have patients complete check-in forms by scanning a QR code and receiving an online form, which helped them avoid having to sanitize touchscreen kiosks and handle paper forms repeatedly.
- Realtors and car sales dealers use QR codes rather than flyers to direct would-be buyers to more information about the inventory for sale.
- Marketers utilize QR codes to direct consumers to websites, social media channels, sweepstakes, and more.
In recent years, local parking authorities have also placed QR codes on parking meters. When you scan a QR code, you can be taken to a parking app for download or have the already-downloaded app open on your phone to pay your estimated parking fee immediately.
How Are QR Codes Being Used in Parking Meter Scams?
Unfortunately, as with anything well-intentioned, the bad guys find a way to take advantage. Criminals have been creating new QR codes and placing stickers on top of the QR codes that are supposed to be on the meters. Now, when you scan one of these fraudulent QR codes, you’re taken to a malicious website that prompts you to enter your credit card information. And once you do, they’ll use it to run up charges on your account.
Sometimes, the bad guys take it a step further. They’ll call you at the number you provided with your billing details and tell you that your credit card does not work. And they’ll ask you to enter another credit card, which they’ll also then use for their own enrichment.
It’s not hard to see why this scam would fool people. Most people are good law-abiding citizens who see something official and presume it’s authentic. Unless we’ve had some form of physical or cybersecurity training, we don’t recognize the signs of potential scams. And even if we have, the bad guys are working hard to identify and exploit every vulnerability they can to enrich themselves.
How Do You Avoid Falling For a QR Code Scam?
So, how do you avoid falling for a QR code parking meter scam? First, take a look at the QR code itself. Is it etched into the parking meter, or does it appear to be on a sticker? If it’s the latter, it might be a scam, and you’re better off using the meter with cash or a card directly if you can. And if you scan the QR code, make sure the website URL domain doesn’t come from a foreign country. Look for .com or .gov domain names. Also, look for spelling errors, syntax that seems off, and inconsistencies in the text. These are also telltale signs of a fraudulent website.
And if you have been the victim of such a scam, you should file a police report immediately. Also, contact your credit card vendor as quickly as possible to see if they can reverse the payments. It’s also a good idea to monitor your credit reports and bank statements for a few months to make sure the bad guys aren’t trying to use your financial and personal information in other illicit ways as well.
As this type of scam is coming to light, you may want to avoid using QR codes on parking meters entirely for a while. Police in multiple cities and states have recently begun issuing warnings about this scam, and law enforcement is cracking down. Still, given how lucrative this can be for criminals, they’ll likely keep trying for a while longer.
Another approach is to limit the damage such a scam could inflict. You can purchase a reloadable debit card for use on parking meters, gas stations, and other publicly accessible point-of-sale terminals. By keeping a small sum of money on the card for just these purchases, you can avoid giving the bad guys full access to your debit or credit card information if a scam dupes you. And it’s not just QR code scams you need to worry about. Criminals use card skimmers and shimmers on these terminals to steal credit card information, among other tactics. So, reloadable debit cards can be a smart option to help limit your risk.
How Can You Keep Your Business and Customers Safe From Scams?
Whenever security professionals develop new data security tactics and protocols, the bad guys look for ways to circumvent them. And whether using sophisticated cyberattacks to penetrate networks and steal data or social engineering approaches that use our own behavior against us, they are often successful.
Therefore, protecting your business and customers from scams is a continuous process, requiring ongoing vulnerability assessments and both physical and cybersecurity training for employees and customers alike. And as reports of new scams arise, businesses must be ready to implement new protective measures rapidly and communicate to stakeholders about this new threat effectively. Cybersecurity is one area where you should be an early adopter, and if you’re not, the consequences could be catastrophic for your business.
Keeping on top of emerging threats is a full-time job, and most businesses don’t have the resources to do it effectively. That’s where we come in. At the Alvarez Technology Group, you’ll find cybersecurity professionals well-versed in dealing with all types of cyber threats, from low-tech approaches to data theft to sophisticated DOS, MitM, and malware attacks. We stay on top of new threats, work with companies to assess and remediate their vulnerabilities, and help business leaders train their staff on cybersecurity fundamentals and advanced topics.
Week after week, high-profile attacks occur, with the bad guys taking advantage of known threats that businesses have failed to protect themselves against. Is your business prepared for the next cyber incident it faces? If your answer is no, or you have the slightest hesitation before answering yes, contact us at the Alvarez Technology Group, and let’s talk about how we can keep your business and customers safe and secure.