In some large cities in Texas, they are the scene of an unpleasant situation that we tell you here in order to raise public awareness around the issue of computer security and the forms that computer threats can take today, now deeply intertwined in everyday life.
Law enforcement in the cities of Austin, Houston and San Antonio recently discovered scam qr code stickers on stations and columns to pay for car parking. The San Antonio police had already noted the fact on December 20, warning citizens of the possible scam, and pointing out that those who tried to pay for their parking using these QR codes could end up on a fraudulent site by sending your money to a third party who has nothing to do with parking management. Similar actions were also seen later in Austin and Houston.
SCAM ALERT: Fraudulent QR code stickers have been discovered on public parking meters in the city of San Antonio. People attempting to pay for parking using these QR codes may have been directed to a fraudulent website and submitted payment to a fraudulent seller. 1/2 pic.twitter.com/X1hnPmnttx
— San Antonio PD (@SATXPolice) December 20, 2021
The Austin Department of Transportation then began examining payment terminals after being alerted in late December by the city of San Antonio, which it identified in its jurisdiction.
more than 100 payment terminals with QR codes fraudulent. As for Austin, however, screening of about 900 payment terminals in parking lots across the city revealed fraudulent QR codes on 29 of them.
The QR codes pointed to a website called “Quick Pay Parking” from the passelab.xyz domain, which is now inaccessible. It is currently unknown how many people fell victim to the attempted scam. Austin’s parking division manager noted that the company does not use QR codes precisely because they are easy to forge and place on the terminals, instead of using traditional methods like cash, credit cards, or a special payment app. In Houston, however, five parking meters with fake QR codes have been identified, which have already been taken down. Also in this case, the company that manages the payment collection does not use QR codes but uses an application for payment.
Regardless of the fact that these specific episodes occurred in three Texas cities, it is important to consider the basic premise, namely the use of QR codes (which to the human eye are a simple set of irregular geometric patterns enclosed in a square area) to direct unsuspecting users to maliciously controlled resources. The risks are not only those of making payments to third parties that have nothing to do with the transaction you wish to honor, but also the compromise of the device and the theft of information, data and sensitive credentials. In short, as practical as they are in many situations, they are an element to which we must pay particular attention: without demonizing them, but with the right level of awareness.