As technology evolves, so do scams. The methods become simpler and more ingrained into how we normally operate in the world, and that is pretty scary. This one is not so much “I’m a foreign prince and can you hold onto this $10,000 for me?” as it is doing a normal thing in a normal way – and being fooled. What and who can you trust?
I was out for dinner the other night with some girlfriends in downtown Los Angeles. We parked next to the restaurant at a $10 garage. The credit card machine declined my friend’s first card, but there was a QR code posted above it, which seemed like an easier and legitimate option. Or was it? Fortunately we didn’t have to learn the hard way, her second card worked.
I’ll back up. Any driver who has spent any time in an urban or even a suburban area is probably going to pay for parking at some point. When meters and parking lots won’t take coins or cash, it’s down to a card or your phone to pay. While most of us are used to casually tapping our smartphone on the console at the grocery checkout or flashing our code scanner to connect with our digital payment option, you may want to hold off doing that in the wild. Especially if you’re in a situation where there’s nobody staffing the lot.
That’s because scammers are posting fake QR codes that direct your money to their accounts. It’s a trending method that takes advantage of people’s confidence in a system of electronic money transfers that are, for the most part, easy and safe.
James E. Lee, chief operating officer of the Identity Theft Resource Center, says that since the pandemic, people have relied on QR codes as a key part of touchless transactions.
“Because we mostly encounter them in places with high trust, we don’t question their authenticity. In reality, the QR code may be easily replaced and directed to a fake website,” he said.
Double trouble?
Lee said the QR code scams are generally run by locals who can physically access the site to place the image in a convenient place. Not only are they collecting money, but they may also collect information that can later be sold.
“Gangs in urban areas are increasingly expanding into identity crimes because they are easy to commit, you can make a lot of money in a hurry, and generally, no one shoots at you, unlike when you are selling drugs,” Lee said.
So in addition to being separated from their money, the victim is also on the hook for whatever penalty the parking area imposes for nonpayment. But, Lee says, “they have a built-in defense if they can prove the QR code has been compromised.”
We need your help to stay independent
I asked Lee if it should be up to the parking lots to keep their sites supervised—after all, if there were someone there, it would be more difficult to post a fake code. But he takes the perspective that the lot owners are, in essence, a victim as well since their equipment is being vandalized and their revenue stolen. You’ll see this scam in government agencies and their vendors as well, he said.
How to detect a fake QR code
The first thing to look for is an obvious sticker pasted over the real one, or a janky sign posted next to the real payment portal. If you see that, take the extra step and use a card if there is a kiosk or meter that accepts them. If there’s an attendant, you can ask about the legitimacy of the code (but of course, maybe that person is a fake too, like the guy who broke into a New York city garage and collected cash from unsuspecting folks who wanted to park there.)
Lee cautions: “If you proceed, remember it’s easy to fake a website and create a payment form. Make sure the website the QR code takes you to is real before entering any information.”
Finally, Lee says, if something doesn’t pass the smell test, find another place to park.
“QR codes are just one of many transaction tools, and we all need to be more comfortable with questioning their authenticity,” he said. “Just like unsolicited texts or DMs from friends that are out of character (‘Hey, I just made a lot of money buying crypto!’ when they’ve never even mentioned money previously), just trusting a QR code, link or text is risky. Taking a moment to check if they are real and walking away if they are not can save a lot of time, stress and money later.”
Read more
about personal finance
Shares