Consumer group Which? has issued a warning about the issue on social media (stock image) (Image: Getty)
Anyone who pays for parking at a public car park, particularly via their mobile phone, is being urged to take note of an important warning. According to consumer group Which?, those who pay for parking in this manner could be unwittingly placing their personal data and finances at serious risk.
The organisation has outlined several telltale signs that could indicate you are about to fall victim to a scam while using your phone to pay at a car park. In a newly released Facebook video, Which? raised the alarm about QR codes and the vital importance of verifying whether they are genuine.
At the start of the video, a person can be seen peeling off a counterfeit QR code placed directly over a legitimate one on a car park payment sign. In a deeply concerning trend, fraudsters are placing fake QR code stickers over genuine ones in car parks in order to steal customers’ payment details.
The scam, known as ‘quishing’ (QR phishing), tricks people into visiting fake websites designed to collect credit card numbers, passwords, and personal information. Bogus QR codes are typically positioned over legitimate parking payment signs or machines. Unsuspecting drivers scan the code, believing they are simply paying for parking, only to be redirected to fraudulent websites deliberately engineered to harvest their payment details and personal information, reports the Mirror.
In the caption, Which? said: “Don’t get caught out by a QR code scam.” It added: “Criminals often tamper with QR codes in public places – like restaurants, pubs, shops, bus stops, train stations, and car parks – to redirect you to fake websites or malicious apps. Here are five simple ways to protect yourself from QR code scams.”
Read more: UK’s largest parking company plunges into administration – 340 car parks at risk
Read more: Exact distance from kerb you should park your car
In the footage, a Which? team member outlines the measures to take to avoid falling victim to QR code scams in public. She said: “Before you scan a QR code in public, always check to see if it’s been tampered with. If it looks suspicious, don’t use it. Just type the web address in manually on your device to make sure you visit the correct website.
“Most phones have a scanner built into the camera, so use this instead. Don’t use an app to scan a QR code as it increases the risk of downloading malware or being directed to a misleading advert. Preview the web address as you start to scan it. If it doesn’t begin with HTTPS, it looks different, or it’s not the site you are expecting, don’t visit it.
“Avoid QR codes and emails as scammers are increasingly using them to disguise malicious links. Email security tools don’t always scan images. Don’t use QR codes to download apps as it increases the risks of downloading something dodgy. Use a verified app store like Google Play or the app store and always do your research on the app before you download it.”
A statement on The British Parking Association’s website reads: “Recent scams involve fake QR codes, fraudulent Penalty Charge Notice (PCN) text messages and contactless card payment fraud. Here’s what you need to know to stay protected. Scammers may place fake QR codes in parking areas including on official signage, leading users to fraudulent websites designed to steal payment information.”
Reading Council has also recently issued an alert about the trend on social media. In a post on Facebook, the council told residents: “Beware of false QR codes stuck on parking payment machines and signage in Council car parks.
“Please do not use them as they are a scam. Neither the Council nor RingGo use QR codes as links to make payments. Our parking team are removing any fake QR codes they find and reporting them to police.”
Beyond car parks, those who rely on QR codes for everyday tasks may also be at risk. Customers browsing menus or settling bills by scanning codes in restaurants and shops could find themselves targeted, much like drivers who scan QR codes at parking meters, bus stations, train stations or electric vehicle charging points.
According to the most recent data, fake QR code parking scams are on the rise. Newly released figures reveal that reported cases have surged by more than 14-fold since 2022.
The figures, obtained via a Freedom of Information request to Report Fraud Intelligence Services by business management consultant Ailsa, demonstrate that fraudsters are increasingly preying on motorists in car parks using counterfeit QR codes crafted to imitate legitimate payment systems.
People could easily fall for the QR code scam if they don’t check (stock image) (Image: Getty)
In 2022, only nine cases were recorded, with total losses amounting to £322. By 2025, that figure had rocketed to 133 reports within a single year, leaving victims out of pocket by £29,682. Altogether, 247 reports of such scams have been logged over the four-year period, costing drivers a combined total of £56,648.
Should you fall prey to a QR code scam, get in touch with your bank straight away and report it to Action Fraud. If you believe you have come across suspicious code, you can report that as well, and in doing so, you could spare others from being caught out.
