'Quishing' - beware of the QR code parking scam!

In recent years, as cashless payments have become more common, the use of QR codes has grown popular for offering fast, contact-free ways to make payments. However, this convenience has also created opportunities for criminals... A new type of scam has emerged - known as ‘quishing’ - where fake QR codes are used on parking meters and signage, tricking people into unknowingly giving away sensitive information (and their money). 

This scam poses a threat for motorhome owners, especially when they may be travelling to new places and using unfamiliar car parks. Let’s have a look at this issue, and see what we can all do to protect ourselves.

How it works

Scammers will place fraudulent QR code stickers on parking machines or on signage in car parks, often covering up the correct QR code. These codes often appear to be legitimate, mimicking the look of official parking information or authorised pay-by-phone services. When someone unwittingly scans the QR code with their mobile phone, they are then directed to a fake website, which may closely resemble a real parking payment portal.

Sometimes, the scammers will add notes to machines to say that they are not working, and that a QR code is available instead. The BBC has a story on this about what has recently been happening in Luton, which you can read here.

Seeing a convenient QR code to pay for parking is tempting, especially when we often don’t have cash on us and we want to pay as quickly as possible after parking up. 

Unfortunately, entering payment details into these fake websites provides scammers with access to our banking information, which they could then use for fraudulent transactions.

What does this mean for me?

The consequences of falling for a QR code parking scam can go beyond just losing a small parking fee. Here’s what could potentially happen:

Unauthorised charges 

The most immediate risk is that scammers will use the payment information to make unauthorised charges. These might start small, but scammers often escalate once they’ve confirmed the card is active and working.

Identity theft 

Some fake payment sites will ask for additional information beyond just card details, such as your name, address and other personal details. This can lead to identity theft, where scammers use this information to create new accounts or commit fraud in the victim’s name.

Future targeting 

Once scammers have your contact information, you may be more vulnerable to further scams. Scammers might sell your details on the dark web, leading to more phishing emails, scam calls, or even targeted ads that try to lure you into additional fraudulent schemes. They could potentially put malware on your device, too.

Damage to your credit rating

Depending on how far the scammers go with your details, fraudulent charges could affect your credit rating if left unchecked. Fixing these credit issues can take time and effort and can be really distressing.

In essence, being a victim of this type of scam could cause a whole bunch of potential stress that none of us ever want to be dealing with. It erodes our trust in otherwise convenient payment methods, and could affect any trip that you’re on if you then have to start dealing with the consequences of having money taken out of your account.

So - how to protect yourself and others!

Below we list some of the key ways to stay protected…

Avoid QR codes that look like they’ve been added at a later date

As a rule, if you see a QR code on a parking machine or a sign that looks like it was added later, be cautious. Does the sticker look like it’s displayed correctly? Does it look like it’s covering up something else? This is hard to tell, but if it looks like an addition rather than part of the original signage, be cautious.

Only use official apps 

Many car parks now have official apps for payment. You could download these apps directly from trusted app stores and use them instead of scanning QR codes.

Verify the website

If you do scan a QR code, double-check the URL before entering any of your details. Official parking URLs should likely match the company’s name, and if they look like they are shortened or have spelling mistakes, be very wary.

Report any suspicious QR codes

If you come across a QR code that seems out of place or leads to an unfamiliar site, notify the car park operator or the local council, as this helps them stay on top of these scams.

Use another payment option if you can

If you are unsure about whether a QR code is genuine or not, and the car park has a traditional pay station, it may be safer to use that by paying with cash or card. It’s a good idea to try to keep some cash on you, for this purpose, in case your card doesn’t work in the machine for some reason.

Hopefully you’ve found this guide helpful. Unfortunately, it looks like QR code parking scams are on the rise, but staying informed can help protect you from falling victim to it. Please do let us know in the comments if this has ever happened to you, and what the outcome was…