Someone has been putting fraudulent QR codes on parking meters in popular areas of Redondo Beach in an attempt to scam residents and visitors, authorities have warned.
The QR codes, which direct people to a website that is not affiliated with the city or its official parking meter system, were found on about 150 parking meters along the Esplanade and in the Riviera Village neighborhood, the Redondo Beach Police Department said in a news release Saturday. When users accessed that website, poybyphone.online, they were prompted to enter their location and payment information.
The stickers, all since removed, were placed next to labels from legitimate companies that allow people to make parking payments online by scanning a QR code, downloading an app or visiting a website. The city contracts with two companies, ParkMobile and PayByPhone, to make those payments.
Anyone who may have been scammed by the fake QR codes, received a parking ticket after making a payment through the fraudulent website, or has information about who is responsible for the fraudulent stickers is asked to contact the Redondo Beach Police Department at (310) 379-2477.
This scam is not new. QR codes redirecting users to the same fraudulent website were recently discovered on at least 51 parking meters in Ottawa, Canada, according to the Ottawa Citizen newspaper.
Earlier this month, Alhambra police warned residents that someone was leaving fake parking tickets on vehicles that included a QR code linking to a website not affiliated with the city. Authorities warned people not to scan the code because it could install a virus on their phones.
In fact, the practice is now so common that it has a name: “quishing,” short for “QR code phishing,” according to the U.S. Postal Inspection Service. This type of identity fraud scam typically involves tricking victims into providing personal or financial information by placing QR codes in high-traffic locations or sending them via email or text message. The codes direct unsuspecting users to fraudulent websites that often attempt to impersonate sites affiliated with government agencies or banks, according to USPIS. The information scammers obtain can then be used to commit other crimes, such as financial fraud.
