A fraudulent scheme that dupes individuals into scanning counterfeit QR codes on parking meters, consequently leading them to download malicious software or divulge critical financial information to criminal-controlled websites, has been recognised across the eastern coastline from Greystones to Malahide.
Fingal County Council has issued an advisory encouraging all drivers to be on alert for this scam implemented on some Pay and Display parking meters. The council stated that its personnel are currently inspecting the meters and eliminating any deceptive QR codes discovered.
Wicklow County Council has also acknowledged the existence of such a scheme, disclosing it to gardaí and allocating staff to scrutinise parking meters throughout Wicklow. Payzone, the company administering the cash-free parking service across all Dublin local authorities, has likewise engaged IT specialists to collaborate on eliminating the misleading links from the QR codes.
One woman reportedly lost €1,000 from her bank account after becoming a victim of this scam in the Wicklow area. Fingal County Council have asserted that they are cognisant of the fact that deceitful QR stickers are being affixed on some meters. Such stickers redirect users to a dishonest website soliciting credit card data and other personal material.
Additionally, the council has informed gardaí about the situation and advised motorists to avoid scanning any QR or barcode that might be present on Pay and Display machines. Rather, drivers should download the legitimate Payzone parking app directly from their phone’s app store, or opt to pay using their card or cash where such options are available.
Although QR codes are not a recent innovation, one council official mentioned that they had not previously perceived its parking meters being exploited in this manner. A caution was placed on the Payzone website, urging consumers to only download the official app from trusted app stores, ensure Payzone is listed as the developer, and to remain vigilant for apps bearing similar names or originated from other developers.
The method employed by the QR code scam varies depending on the geographic location or the specific criminals implementing the scheme.
A variant of the scam involves individuals who scan counterfeit QR codes being redirected to websites fabricated to mimic genuine businesses, where they are requested to provide personal information. The information, including details of their banking cards, is subsequently harvested by the fraudsters.
A different approach taken by these criminals involves infecting the devices used to access the QR codes with malicious software. This manner of attack allows them to spy on their victims, pilfer data, or even gain full command over their technology, encrypting them in wait for a ransom payment.
Counterfeit QR codes can likewise be used to dispatch emails from unsuspecting victims’ accounts, which can be exploited by the fraudsters to pursue additional targets.