Someone affixed fake QR codes to parking meters in popular areas of Redondo Beach in an attempt to trick residents and visitors, authorities warned.
The QR codes — which direct people to a website unaffiliated with the city or its official parking meter system — were found on about 150 parking meters along the Esplanade and in the Riviera Village area, the Redondo Beach Police Department said Saturday in a news release. When users reached that website, poybyphone.online, they were prompted to enter their location and payment information.
The stickers, all of which have since been removed, were placed alongside labels for legitimate businesses that allow people to pay parking fees online by either scanning a QR code, downloading an app or visiting a website. The city contracts with two companies, ParkMobile and PayByPhone, to take these payments.
Anyone who may have been duped by the fake QR codes, who received a parking ticket after making a payment through the fraudulent website, or who has information about those responsible for the scam stickers is asked to contact the Redondo Beach Police Department at (310) 379-2477 .
The fraud has precedent. QR codes directing users to the same fraudulent website were recently discovered on at least 51 parking meters in Ottawa, Canada, according to the Ottawa Citizen.
And earlier this month, Alhambra police alerted residents that someone was leaving fake parking tickets on vehicles which included a QR code leading to a website not affiliated with the city. Authorities warned people not to scan the code, as it could install a virus on their phone.
In fact, the practice is now so common that it has a name: “quishing,” short for “QR code phishing,” according to the US Postal Inspection Service. This brand identity fraud scam typically sees criminals trying to trick victims into providing personal or financial information by placing QR codes in high-traffic locations or sending them via email or text message. The codes lead unsuspecting users to fraudulent websites that often try to masquerade as sites affiliated with government agencies or banks, according to USPIS. The information the fraudsters receive can then be used to commit other crimes such as financial fraud.