QR Code Security- Is Using QR Codes Worth the risk? A PIE Seminar
In early 2022 when it was learned that scammers were placing fraudulent QR codes on parking meters, it was the hottest news story.
The topic was covered by cable news networks, local news, newspapers, blogs, social media, and even the FBI put out a warning. The story was almost the perfect news event. It combined a technology that most people use but don’t really understand (QR codes) with something people dislike (hackers) that impacts something people hate (parking).
It was a match made in media heaven. Who doesn’t love a good news story that makes you feel safer while also giving you another reason to dislike paying for parking?
The news stories rarely explained that it wasn’t a hack, but instead what is called a phishing attack. This approach uses a fake website or email (that looks real) to convince people to share their information or perform an action.
It relies on the fact that most people don’t double-check (or even know how to double-check) the websites they visit or links they click.
Phishing attacks can be launched through emails, text messages, and even phone calls. The number of phishing attempts is high and growing.
According to the Anti-Phishing Working Group, in Q4 of 2021 alone, over 250,000 unique phishing sites were detected by the group. Between 2020 and 2021, the number of phishing attempts doubled.
In our parking situation, scammers took advantage of the fact that due to the widespread use of QR codes during COVID, people have been trained to scan QR codes and that most people assume they are not being scammed.
Additionally, in just about every situation where the scammers placed the fake QR codes, they were installed at locations that were not using genuine QR codes for parking payments.
Due to this, customers were not used to using an existing system and were even more easily tricked into using a fake system.
But this phishing issue is not limited to parking or even QR codes. Sadly, people are scammed daily for both money and information using various approaches.
They include (but are not limited to) job offers, password resets, fake product rebates, social security payments, missed tax payments, or even a request to help a friend in need.
Note, if anyone of your contacts randomly texts you with an urgent issue and asks you to buy gifts cards for them to help solve it, assume you are being scammed. In all of these situations, the common denominator is one person(s) using deception to take advantage of another person.
In this presentation, you will learn more about what QR codes are, the technology that powers them, and how they are used in parking.
We will then discuss why (and why not) your parking organization would want to use a system that utilizes QR codes for payment.
Finally, we will outline several technologies and tactics that you can use to help protect your parking organization from this issue.
Tuesday, May 17