Someone placed fraudulent QR codes on parking meters in popular areas of Redondo Beach in an attempt to scam residents and visitors, authorities warned.
The QR codes, which direct people to a website not affiliated with the city or its official parking meter system, were found at about 150 parking meters along the Esplanade and in the Riviera Village area, the Redondo Beach Police Department said Saturday in a news release. When users went to that website, poybyphone.online, they were prompted to enter their location and payment information.
The stickers, which have since been removed, were placed next to labels from legitimate businesses that allow people to make online parking fee payments by scanning a QR code, downloading an app or visiting a website. The city has contracts with two companies, ParkMobile and PayByPhone, to accept those payments.
Anyone who has been defrauded by the fake QR codes, who has received a parking ticket after making a payment through the fraudulent website, or who has information about those responsible for the fraudulent stickers is asked to contact the Redondo Beach Police Department at (310) 379-2477.
The scam is not new. According to the Ottawa Citizen, QR codes directing users to the same fraudulent website were recently discovered on at least 51 parking meters in Ottawa, Canada.
And earlier this month, Alhambra police warned residents that someone was leaving fake parking tickets on vehicles that included a QR code that directed to a website not affiliated with the city. Authorities warned people not to scan the code, as it could install a virus on their phone.
In fact, the practice is now so common that it has a name: “quishing,” short for “QR code phishing,” according to the U.S. Postal Inspection Service. This type of identity fraud scam typically involves criminals trying to lure victims into providing personal or financial information by placing QR codes in high-traffic locations or sending them via email or text message. The codes direct unsuspecting users to fraudulent websites that often attempt to impersonate sites affiliated with government agencies or banks, according to the USPIS. The information the scammers obtain can then be used to commit other crimes, such as financial fraud.