Jim Thompson/ZUMA Wire/IMAGO
Scammers in the US have tried to rip off drivers with the help of stickers.
They placed QR codes (Quick Response codes) on parking ticket machines, which gave the impression that a mobile phone could be used to quickly open a payment page for the ticket.
But anyone who scanned the code with their smartphone ended up on a phishing website instead.
In the US state of Texas, several parking ticket machines were apparently pasted over at the turn of the year, as "The Verge" reports.
According to the local broadcaster "Click2Houston", among other things, machines in Houston were affected.
In addition, the police warned the citizens of San Antonio and the capital Austin via Twitter about the scam.
The police said they were investigating.
The fraud is not easy for ticket buyers to spot.
Because the parking ticket machines actually accept online payments in addition to cash and credit cards.
However, a special app is required for this.
The instructions for paying by app are printed on the side of the parking ticket machine – the fraudsters’ QR codes, which have since been removed, were stuck directly underneath.
Anyone who was too cocky and preferred to scan the QR code instead of reading the instructions ended up on a website specially created by the scammers.
It read Quick Pay Parking in white letters on a black background.
Among other things, site visitors had the option of registering with a tap of their finger on »Login« and entering their bank details.
However, the reports so far do not indicate whether there were really victims to whom this happened.
The return of QR codes
Block codes are currently experiencing a renaissance.
A few years ago, QR codes were still a ridiculed marketing tool that was printed on train station posters to open yoghurt websites faster with a smartphone.
But thanks to restaurant check-ins, corona vaccination certificates and the activation of electric scooters, QR codes have now arrived almost everywhere in everyday life.
The simple operation plays into the hands of fraudsters.
Instead of typing in conspicuous Internet addresses, users only have to point their smartphone camera at the pixel square and call up the stored website with a tap of their finger.
Third party apps are no longer needed.
The camera apps of the Android and iOS operating systems now recognize QR codes automatically.
The problem: The URL is only shortened or not displayed at all during scanning.
A fraudulent site is therefore not recognizable at first glance.
The Internet address can only be checked in the browser when it may already be too late and the download of malware has started.
In addition, a scan also enables automatic connection to a WLAN operated by attackers.
Unencrypted data that is sent via such a WLAN can then be read.
If you want to be on the safe side, you should rather access websites directly in the browser or via search engines and look for smartphone applications in app stores.
You should also make sure that the QR code is the original and that nobody has pasted over the barcode.