Netcraft warns that scammers are posting QR code stickers on parking meters in the UK and other European countries.
In the UK, the QR codes lead to phishing sites that impersonate the parking payment app PayByPhone. The phishing sites are designed to steal personal information and payment data.
“Looking at British media reports, these parking QR code scams appeared to peak during the summer holiday period (June to September),” Netcraft says. "Activity is concentrated in coastal tourism locations such as Blackpool, Brighton, Portsmouth, Southampton, Conwy and Aberdeen. There are now at least 30 parking apps in the UK, varying by location—an abundance that benefits criminals. By targeting tourist destinations, threat actors can prey on tourists who need to download the parking payment apps and are searching for ways to do so.”
The phishing pages collect complete payment card details, as well as information about vehicles. The researchers note, “This personally identifiable information (PII) could be used in future phishing attacks, for example, utilizing the threat actor’s knowledge of the victim’s vehicle, including location-based campaigns that utilize the victim’s location codes. After each form is submitted, the phishing websites submit victims’ data to the server. This maximizes the amount of information gathered, i.e., even if the victim exits the site before completing the entire process.”
Netcraft also found evidence that the same threat actor is conducting similar scams in France, Germany, Italy and Switzerland.
“The behaviors and characteristics of the threat actor identified through the analysis demonstrates the scale and strategic approach being used,” the researchers write.
“Not only is this one criminal group operating across a continent, but they are also investing to evade detection and achieve continuous operation. Additionally the criminal group is likely responsible for a number of other attacks. This shows how cybercrime groups adapt and evolve their tactics and respond to opportunities that yield greater impact.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Netcraft has the story.