Problems in the Parking Lot: Threat Actors Use IRL Quishing to Target Travelers

This article explores Netcraft’s research into the recent surge in QR code parking scams in the UK and around the globe. Insights include: 

  • At least two threat groups identified, one of which Netcraft can link to customs tax and postal scams carried out earlier this year. 
  • Up to 10,000 potential victims identified visiting this group’s phishing websites between June 19 and August 23. 
  • At least 2,000 form submissions, indicating how much personal data has been extracted from victims, including payment information. 
  • Evidence suggesting the group is running activity across Europe, including France, Germany, Italy, and Switzerland. 

Introduction 

Earlier this month, RAC issued an alert for UK motorists to beware of threat actors utilizing Quick Response (QR) code stickers luring them to malicious websites. These sites are designed to exfiltrate personal data, including payment information, by impersonating known parking payment providers. Reports of similar scams across Europe and in Canada and the US have also been increasing and gaining public attention. In the US, the FBI has now issued alert number I-011822-PSA, Cybercriminals Tampering with QR Codes to Steal Victim Funds, to raise awareness. We can expect that these attacks will continue to be deployed on a global scale. 

In the UK, phishing activity is peaking. On July 30, Southampton City Council posted on Facebook warning motorists of a wave of malicious QR codes appearing across the city center. Printed on adhesive stickers and affixed to parking meters, the QR codes directed users to phishing websites impersonating the parking payment app brand PayByPhone. Around the same time, several Netcraft staff shared stories of family members being duped by similar scams. In response, Netcraft deployed its research teams to analyze and understand the activity in depth. 

This article has been indexed from Netcraft

Read the original article:

Problems in the Parking Lot: Threat Actors Use IRL Quishing to Target Travelers