The RAC, formerly known as the Royal Automobile Club, in the U.K. has issued an alert for motorists to beware of parking lot cyber scammers following a spate of ticket payment fraud. The warning comes as fake Quick Response code stickers are being used to direct motorists away from genuine parking fee payment sites in order to grab payment card credentials. Such abuse of QR codes is nothing new, the FBI has previously warned U.S. citizens to be aware of such fraud and offers seven tips to mitigate becoming a victim yourself.
The RAC Warns Motorists Of QR Code Parking Lot Scams
The RAC has noted that there has been a flood of fake QR code stickers being used to replace genuine ones found on payment machines in parking lots across the U.K. The cyber scammers appear to be targeting local authority operated parking lots in the U.K. with a “big spike” seen on payment machines in Barking and Dagenham, Northumberland, Northamptonshire, South Tyneside and Pembrokeshire.
The RAC is advising motorists to be very vigilant and only pay with cash, card or official apps to avoid being scammed. Although the RAC alert is aimed at U.K. motorists, QR code scams are known to be deployed worldwide and U.S. drivers should also take care when using payment machines in parking lots. If you scan one of the fake QR code stickers with your smartphone you will end up at a cloned payment site that will steal your debit or credit card information.
Simon Williams, the RAC head of policy, said “a car park is one of the last places where you’d expect to be caught out by online fraud. Unfortunately, the increasing popularity and ease of using QR codes appears to have made drivers more vulnerable to malicious scammers.”
The FBI Advice To Mitigate The Risk Of QR Code Fraud
FBI alert number I-011822-PSA, Cybercriminals Tampering with QR Codes to Steal Victim Funds, was issued to raise awareness of just this type of QR code cyber crime.
“Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information,” the FBI warned. While addressing the fact that QR codes are not malicious per se, the FBI said that it’s important for people to “practice caution when entering financial information as well as providing payment through a site navigated to through a QR code.” In order to mitigate the risk of this kind of cyber crime, the FBI offers the following tips:
- Check the URL of the site that a scanned QR code takes you to for authenticity.
- Be cautious when entering any personal or financial in formation, including login credentials, at any site navigated to from a QR code.
- Ensure any physical QR code has not been tampered with, for example by a secondary sticker placed on top of the original.
- Don’t download apps from a QR code but instead always use your phone’s official app store.
- Don’t blindly follow a QR payment code in an email, always locate the company through a trusted site and call to confirm the authenticy of the demand.
- Don’t download QR code scanning apps as this increases the risk of malware when your smartphone can scan the codes using your device camera instead.
- Don’t make payments through a QR code navigated site, instead manually enter a trusted URL to complete the payment.