Here’s how to slam on the brakes

In recent years, the surge in electric vehicle (EV) adoption has led to innovative payment systems but has simultaneously opened new avenues for scams targeted at drivers. The rapid registration of approximately 14 million new cars in 2023 alone signifies a 35% annual increase, culminating in a global total of over 40 million EVs. However, this progress comes with novel threats, as fraudsters increasingly utilize mixed physical and digital methods to misappropriate drivers’ payment details. Notably, a recent scam technique identified in various European countries, termed “quishing,” highlights this alarming trend.

Quishing involves the manipulation of QR codes in a phishing context. Traditionally, phishing serves as a deceptive method for cybercriminals, allowing them to securely acquire personal information or install malware, capitalizing on the public’s instinctual trust in authoritative sources. QR codes, despite being introduced in the ’90s, gained popularity during the pandemic as a more hygienic means of accessing services, making them ripe for exploitation. Fraudsters have since exploited this situation by placing fake QR codes over legitimate ones, leading unsuspecting users to phishing sites designed to harvest sensitive details.

The adaptation of quishing techniques to target EV users is particularly concerning. Reports from the UK, France, and Germany indicate that criminals are placing fraudulent QR codes on charging stations. These bogus codes redirect users to counterfeit websites mimicking official charging operators, such as Ubitricity, prompting them to enter their payment information under the guise of making legitimate transactions. Fraudsters have further adapted tactics, perhaps employing signal jamming devices to disrupt genuine payment applications and increase the likelihood that users will resort to scanning the malicious codes.

With a vast network of over 600,000 EV charging points across Europe, these scams present significant risks, especially given that many EV owners are relatively inexperienced in navigating the evolving charging infrastructure. The ease of scanning a QR code is often more appealing than the complexities of downloading multiple payment applications, thus increasing the likelihood of falling prey to such scams. In addition, similar reports have emerged linking malicious QR codes to parking meters, underscoring the broader nature of this threat. Victims not only stand to lose their financial information but may also incur unintended parking fines from local authorities.

To mitigate the risks associated with quishing, several prudent strategies can be employed. First and foremost, it’s vital for users to closely inspect QR codes for indications of tampering, such as placement over existing codes or differences in design. Moreover, it is advisable not to scan QR codes unless they are clearly part of the established terminal. Utilizing direct payment methods, such as a phone call or the official app of the charging operator, grants an additional level of security against potential scams.

Additionally, individuals should consider disabling automatic actions that may trigger upon scanning a QR code. After scanning, it is essential to scrutinize the URL that appears, checking for legitimacy or discerning any telltale signs of phishing, such as grammatical errors or anomalies in web design. If any hesitations arise regarding the legitimacy of the transaction, users are encouraged to contact the charging operator directly. Alternative payment options available at many meters should also be favored if doubts about the QR code persist.

In cases where users suspect they might have fallen victim to a scam, immediate actions like freezing payment cards and reviewing bank statements for suspicious transactions are imperative. Furthermore, implementing two-factor authentication (2FA) across all accounts enhances security and provides additional protection should scammers successfully redirect users to fake sites. Lastly, ensuring that mobile devices have reputable security software installed is crucial for safeguarding personal information in today’s increasingly digital landscape.

While the prevalence of such QR code scams may prompt calls for banning usage in public spaces, the ongoing necessity for heightened vigilance among users remains paramount. Adapting to these emerging threats requires both awareness and proactive measures to protect against the evolving landscape of digital fraud aimed at EV drivers.