When digital goes wrong: EasyPark not seeing me leave

Digital workflows are great, when they work. When they don’t, they are annoying, costly, and sometimes dangerous. I am writing this from an emergency preparedness conference in Stavanger, where I gave a talk on the need for collaboration and shared situational awareness for cyber defense in offshore wind. Relaxing in my hotel room waiting for the conference dinner, I get a text from the parking firm EasyPark:

SMS from EasyPark

The SMS in Norwegian says “your parking for car <REG NO> in price group 6087 is expiring…”

But I’m not out driving. I text my significant other at home, to ask if she is out driving with this car (she usually takes the EV, this is our old fossil fuel car). Nope – the car is parked at home.

I wondered what this is about, first considering if it was a phish, but that seemed unlikely since the text came from the same sender as previous, legitimate EasyPark texts, and it also didn’t contain any links or other potentially dangerous things. After all, criminals probably have my EasyPark data anyway, since they were breached last year: https://www.bleepingcomputer.com/news/security/easypark-discloses-data-breach-that-may-impact-millions-of-users/.

I have the EasyPark app on my phone but it is an app I am not using a lot. When I check it (before my parking time is up), I find an “ongoing parking” at Rema Breidablikk, the grocery store next to where I live. Since 18:26 yesterday.

So-called ongoing parking at my local grocery store – starting at 18:26 yesterday…

Ok, so it wasn’t phishing. The grocery store has recently installed parking cameras, but they have signs saying the first 45 minutes are free. I have never thought anything about it, since I would never spend 45 minutes at the store anyway! OK, so it was probably a camera not catching me leaving the parking lot then! Checking my maps timeline, I see that I entered the parking lot at 18:25 yesterday, and I left it at 18:33.

The app says the amount owed is 0 – probably a failsafe in case the time expires after 24 hours like here. The allowed parking time according to the signage I believe is 3 hours.

Strange SMS to-do’s

I am sure I am not the only one receiving unexpected text messages or alerts. In most cases those are actual scams, but when in doubt, it is a good idea to do some checking just to be sure.

  1. Check if the sender seems to be the real phone number/sender ID. Those can be spoofed, so don’t trust them!
  2. Develop alternative hypotheses that might explain the strangeness (girlfriend taking a different car than usual) and test them (by texting her and asking).
  3. Check other relevant data sources (EasyPark app log, Google Maps timeline).
