If you are a regular user of the rental bicycles and electric scooters, be very careful if you find a sticker with a QR code on the vehicle. Fake codes are appearing that lead to payment gateways that impersonate the originals and keep all your bank details.
Especially since the pandemic, QR codes have gained greater prominence, extending their use in many cases such as consulting a restaurant menu, activating a device in a streaming service or being a means to share WiFi keys with guests. With such widespread use among the population, it is common for criminals to see in this a possibility to also use them with fraudulent purposes.
Fake QR codes are back
In recent days, there has been an increase in complaints and reports from users of the electric bicycle rental service in Madrid, known as Bicimad. Although it will be free until December 31, according to announced last July According to the city council of the Spanish capital, many users who rent these bikes observe that they have a QR code that leads to the payment gateway.
Ane Miren Parrilla Larrinaga
@AneParrilla
Seen in Plaza Benavente, fake QRs on top of the QR of the bikes that take you to a fake payment platform @bicimad @MADRID
September 14, 2023 • 14:02
412
37
This is not the usual behavior of the Madrid City Council when the service is not free, but, as the newspaper published The world, the website to which the codes directed, fortunately now deactivated, corresponds to a domain registered in kyiv, Ukraine. Its purpose was to collect bank details of scammed peoplea method known as phishing.
Specifically, a variant that has been named Qrishing. According to INCIBE, «This technique is combined with social engineering to get users to provide their credentials by scanning a QR code contained on a web page, message or email. When the user scans it, they are redirected to a web page, which impersonates the company’s page and requests confidential information. It must be taken into account that if the user does not verify the web address, he or she can easily be deceived..
This case is not something isolated and exclusive to the Madrid municipal service, but has also extended to some electric scooter rental services from private companies such as Lime or Uber and not only in the capital, but the deception spreading throughout the national territory. In this case, since the service is paid, many users may confuse that this is the code that refers to the payment gateway. Don’t pay attention, only use the official service application to unlock the scooter and have the amount due charged to you.
Fake parking tickets
The case of fake QR codes is not new either. One of the most scandalous cases that appeared a few months ago has to do with the appearance of fines in which the fine paper that is placed on the windshield contained a QR code. First of all, it is identity theftposing again as the Madrid City Council.
National Police
@police
If they have left this “fine” on your windshield, don’t be alarmed, IT’S FALSE
@MADRID clarifies that no complaint bulletin from the Municipal Police, Mobility Agents or SER controllers includes QR codes
Continue to respect traffic rules
September 14, 2023 • 14:02
940
27
In these false complaints, really photocopies, data appears such as an identification code, the alleged fact reported, breached provision, amount of the penalty, amount with the prompt payment reduction, QR code and reference. By scanning the QR code, we can be taken to a payment gateway that again poses as the official sanctioning body. As we have said on previous occasions, any notification of sanctions imposed by law enforcement agents is sent by certified mail or by the road email address.
Furthermore, in this specific case, the complaint papers were blank on the back. In the penalty slips that mobility agents or regulated parking service controllers can leave, the roll of paper has content on the back, generally legal text.
The post Be very careful when renting a scooter or electric bike: the fake QR scam is back with a vengeance appeared first on ADSLZone.