With stories making the headlines involving avatars stealing passwords, AI chatbots being used by cybercriminals to create malware, and the FBI remotely deleting files from the computers of thousands of American citizens, there’s not a lot left to shock me when it comes to the world of cybersecurity. Or so I thought. Then I read about a 70-year-old lady who parked her car for a hospital appointment and emerged to find herself an unwitting gamer. Here’s what you need to know.
The Car Park Gamer Subscription Hack Attack
A 70-year-old woman was running late for her hospital appointment as she parked her car and scanned the QR code to pay the £3 ($3.85) parking fee. She was also required to enter her name and email address. So far, so annoying. After all, it was a lot easier and quicker when you could just drop a couple of coins in the slot, stick your parking ticket on the windshield and get on with your day. However, this woman’s day was about to get a lot more complicated and concerning. A second login prompt appeared on her smartphone, according to a BBC News report, and, worried her payment had failed, she entered her details again. Having completed the hospital appointment and exited the car park, it wasn’t until she got home that things got even more worrisome: she had emails informing her that she had signed up for two gamer subscriptions. Although these were each for the same £3 ($3.85) amount, further investigation revealed this was a three-day trial, and the subscriptions would automatically renew at £17.49 ($21.85) thereafter.
“Unfortunately, QR code scams in car parks are incredibly common,” Dr. Martin Kraemer, a security awareness advocate at KnowBe4, said; they “target people in a rush to get to a shop, the restaurant, or just home. No one wants to spend a lot of time figuring out how to pay for parking.” Online subscriptions, again, are very commonly used by fraudsters. “We often do not realize how many subscriptions we have,” Kraemer warned, “and a small amount going out of our accounts will often go unnoticed.”
Don’t Get Gamed By The Gamer Scam Or Any Other QR Code Attacks
An investigation revealed that the car park management company didn’t employ QR codes in any of their car parks, so the lady had not only been scammed into signing up as a gamer but hadn’t paid her parking fee either. The fraudulent QR stickers have since been removed. As for the gamer subscriptions, the two organizations concerned told the BBC that their sites had been compromised, investigations were underway, and the security issues had since been resolved.
“Fortunately, these scams are rarely sophisticated,” Jamie Akhtar, CEO of CyberSmart, said, as “they typically rely on us not paying too much attention to what we’re scanning, which means they’re relatively easy to counter.” Those countermeasures include, Akhtar said, checking if the QR code looks tampered with and paying particular attention to the website it takes you to, making sure it is the expected, legitimate one. Better yet, use an alternative method to pay for your car parking that isn’t as easy to abuse in a fraudulent attack. And if you’re not a gamer, check those gaming service subscriptions you’ve just been signed up for pronto.