The Weekly Breach Breakdown Podcast by ITRC - Parking Meter QR Code Scam on the Rise - S5E28

Show Transcript

Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for September 6, 2024. I'm Timothy Walden. Thanks to SentiLink for their support of the ITRC and this podcast. Each week on this podcast, we look at the most recent events and trends related to data security and privacy. Today, we'll discuss a scam that's been around for a while but has seen a recent resurgence with a twist: QR code scams and, particularly, the parking meter QR code scam.

Since the dawn of the Internet, links have always been part of the ecosystem. However, they have only recently jumped from our screens onto artwork, walls, stickers, and almost anywhere else in the form of QR codes. QR codes, or quick response codes, are the little black and white squares we've all been asked to take photos of to see the latest restaurant menu. However, recently, they've taken a darker turn. 

Businesses, restaurants and various establishments have adopted QR codes to offer contactless services. Along with their increasing popularity comes the threat of QR code scams. We first told you about QR code scams during the height of COVID-19 when restaurants and other establishments were trying to find ways to make all encounters contactless. Earlier this year, we did a podcast on this topic after the Federal Trade Commission (FTC) warned of a rise in the potential risks of malicious QR codes that can compromise personal information and lead to identity theft.

With the surge in QR code usage, identity criminals have exploited the trust placed in these digital barcodes to carry out fraudulent activities. For example, there is a parking meter QR code scam. Identity criminals have been known to cover up legitimate QR codes on parking meters with their own deceptive versions. Recently, the city of Redondo Beach, California issued a warning to the public regarding a concerning rise in the parking meter QR code scam. Reports revealed that approximately 150 parking meters were found to have counterfeit QR code stickers positioned adjacent to genuine ParkMobile and PayByPhone labels.

Upon scanning these fake QR codes, unsuspecting individuals were directed to deceptive websites, prompting them to input their payment details and emulating the process used with legitimate QR codes. When in doubt, follow ITRC President and CEO Eva Velasquez's advice: "I would tell people to know the legitimate web address of the payment website that your city or the city where you park is using."

With the parking meter QR code scam and other QR code scams afoot, it is essential to adopt a skeptical approach when encountering digital barcodes. Here are three key measures to help prevent QR code scam incidents.

1. Scan QR Codes from Trusted Sources

Limit QR code scans to those originating from trusted and reputable entities. Whether scanning a QR code on a restaurant menu, a promotional offer, or a product label, ensure that the source is legitimate and trustworthy. 

2. Be Vigilant of Unusual QR Code Behavior

Stay attentive to any irregularities associated with QR codes, such as codes that appear to be pasted on top of others. If you come across a suspicious QR code, ask employees or staff members to validate its authenticity. 

3. Verify QR Code URLs and Message Sources

Before scanning a QR code, take the time to verify the associated website address. Some smartphones allow users to preview the web address linked to a QR code before scanning it. If you have doubts about the website's legitimacy, perform a manual search by entering the URL and adding a "+" sign to view the site. Refrain from scanning QR codes received via unsolicited emails or text messages. Instead, independently validate the source of the message to ensure it is not a QR code scam attempt.

One final note: If you are paying at a parking meter and there is a way to pay by debit or credit card, do it. Adopting these preventive measures and exercising caution when interacting with QR codes can decrease the risk of falling victim to QR code scams.

Contact the ITRC

If you want to know more about the parking meter QR code scam, QR code scams in general, how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone or text, chat live on the web, or exchange emails during our regular business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started. 

Thanks to SentiLink for their support of the ITRC and this podcast. If you have not done so, check out our last Weekly Breach Breakdown podcast, where we break down the recent Cash App data breach settlement. We'll return next week with another episode of the Weekly Breach Breakdown. I'm Timothy Walden; thanks for listening.