QR-code parking meter scam could steal your credit card — what you need to know

Twin parking meters on a city street.
(Image credit: Dmitry Morgan/Shutterstock)

Don't trust that QR code on the side of that parking meter. It could be part of a phishing scam.

Police in Austin, Houston and San Antonio report that in the past month, miscreants have been placing QR code stickers on parking meters to try to get people to zap the QR codes with their smartphone cameras. The resulting URLs will whisk the users to websites set up to steal their credit-card numbers.

Many cities let you pay for parking meters using smartphone apps, which may be why the scammers think they can fool people into scanning the QR codes, those little squares of random-looking blocks that can you can scan with a smartphone to receive information. 

The problem is that a QR code can take you anywhere, and you can't tell whether it's malicious until you click it.

In fact, Austin and Houston don't even use QR codes in their parking-meter-payment systems at all. (Other cities do, however.) But as security blogger Graham Cluley pointed out in a recent post, first-time users and visitors to the cities might still be fooled.

"The City of Houston DOES NOT use QR codes on any on-street parking pay stations, nor does the City accept payments through QR codes," said Click2Houston.com, the website of KPRC-TV.

The scam seems to have started in San Antonio in mid-December, then quickly spread to the other Texas cities. KPRC-TV reporters scanned one of the codes and were taken to a website at "passportlab[dot]xyz," which claimed to be "Quick Pay Parking." (The site has since been taken down.)

If you find yourself falling for this scam — which we have to admit is rather clever — report the fraudulent transaction to your credit-card issuer immediately. You might be able to have the charges reversed. And scams aren't limited to QR codes. There's a TurboTax phishing scam that you should keep an eye out for.

As a pre-emptive measure, find out which smartphone parking-payment app is used by the city you primarily park in, and download and sign up for it before you use it. That way you won't be tempted to scan a QR code, legitimate or not.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.