Don't trust that QR code on the side of that parking meter. It could be part of a phishing scam.
Police in Austin, Houston and San Antonio report that in the past month, miscreants have been placing QR code stickers on parking meters to try to get people to zap the QR codes with their smartphone cameras. The resulting URLs will whisk the users to websites set up to steal their credit-card numbers.
Many cities let you pay for parking meters using smartphone apps, which may be why the scammers think they can fool people into scanning the QR codes, those little squares of random-looking blocks that can you can scan with a smartphone to receive information.
The problem is that a QR code can take you anywhere, and you can't tell whether it's malicious until you click it.
🚨Scam Alert🚨APD Financial Crimes detectives are investigating after fraudulent QR code stickers were discovered on City of Austin public parking meters. People attempting to pay for parking using those QR codes may have been directed to a fraudulent website and made a payment. pic.twitter.com/Gb8gytCYn7January 3, 2022
In fact, Austin and Houston don't even use QR codes in their parking-meter-payment systems at all. (Other cities do, however.) But as security blogger Graham Cluley pointed out in a recent post, first-time users and visitors to the cities might still be fooled.
"The City of Houston DOES NOT use QR codes on any on-street parking pay stations, nor does the City accept payments through QR codes," said Click2Houston.com, the website of KPRC-TV.
The scam seems to have started in San Antonio in mid-December, then quickly spread to the other Texas cities. KPRC-TV reporters scanned one of the codes and were taken to a website at "passportlab[dot]xyz," which claimed to be "Quick Pay Parking." (The site has since been taken down.)
If you find yourself falling for this scam — which we have to admit is rather clever — report the fraudulent transaction to your credit-card issuer immediately. You might be able to have the charges reversed. And scams aren't limited to QR codes. There's a TurboTax phishing scam that you should keep an eye out for.
As a pre-emptive measure, find out which smartphone parking-payment app is used by the city you primarily park in, and download and sign up for it before you use it. That way you won't be tempted to scan a QR code, legitimate or not.