Fake QR codes posted on Redondo Beach parking meters to scam drivers, police say

Someone affixed fraudulent QR codes to parking meters in popular areas of Redondo Beach in an attempt to scam residents and visitors, authorities warned.

The QR codes — which direct people to a website that’s not affiliated with the city or its official parking meter system — were found on about 150 parking meters along the Esplanade and in the Riviera Village area, the Redondo Beach Police Department said Saturday in a news release. When users reached that website, poybyphone.online, they were prompted to enter their location and payment information.

The stickers, all of which have since been removed, were placed next to labels for legitimate companies that allow people to make parking fee payments online by either scanning a QR code, downloading an app or visiting a website. The city contracts with two companies, ParkMobile and PayByPhone, to take those payments.

Anyone who may have been defrauded by the fake QR codes, who received a parking citation after making a payment through the fraudulent website, or who has information about those responsible for the scam stickers is asked to contact the Redondo Beach Police Department at (310) 379-2477.

The scam has precedent. QR codes directing users to the same fraudulent website were recently discovered on at least 51 parking meters in Ottawa, Canada, according to the Ottawa Citizen.

And earlier this month, Alhambra police warned residents that someone was leaving fake parking tickets on vehicles that included a QR code directing to a website not affiliated with the city. Authorities warned people not scan the code, as it might install a virus on their phone.

In fact, the practice is now so commonplace that it has a name: “quishing,” short for “QR code phishing,” according to the U.S. Postal Inspection Service. This brand of identity fraud scam typically sees criminals try to lure victims into providing personal or financial information by placing QR codes in high-traffic locations or sending them via email or text message. The codes direct unsuspecting users to fraudulent websites that often attempt to masquerade as sites affiliated with government agencies or banks, according to the USPIS. The information the scammers obtain can then be used to commit other crimes such as financial fraud.