Beware of "Quishing": A New Scam Targeting Drivers
As you approach your parked car, you spot a large QR code on the payment machine. Curiosity piqued, you scan it, expecting it to redirect you to a convenient payment page. You enter your credit card details and carry on with your day, blissfully unaware of the lurking danger. Only later do you face a harsh reality: your money is gone, and you’ve received a hefty fine for not paying the legitimate parking operator. Welcome to the world of quishing—a sophisticated scam that combines QR codes and phishing tactics.
What is Quishing?
Quishing is a term coined to describe QR code phishing schemes. As digital payments gain traction in parking facilities, they have inadvertently become a playground for fraudsters. Scammers place counterfeit QR codes on parking machines or related signage, leading unsuspecting drivers to fraudulent websites. These sites are designed to capture sensitive payment information, ultimately resulting in heavy financial losses for victims.
The Alarming Rise of QR Scams
According to recent statistics, the UK’s Action Fraud received 1,386 reports of QR code scams last year—more than double the amount from the previous year. This upward trend shows no signs of slowing down, as just the first three months of 2025 already account for 502 reports.
Chris Ainsley, head of fraud risk management at Santander UK, sheds light on this growing issue: “Unless drivers receive a parking ticket, they often remain oblivious to the compromise of their personal or card details. Ultimately, many instances of quishing go unreported,” he states.
What Does the Scam Look Like?
The typical setup for this scam involves a QR code that you might expect to find on a parking payment machine or nearby signage.
Identify the Warning Signs
- Sticker placement: Scammers often stick their codes over legitimate ones.
- Suspicious appearance: Be wary of any QR code that looks out of place.
What Information Do Scammers Request?
Once you scan a fraudulent QR code, you will likely be directed to a site requesting your payment information and vehicle details. Here’s where the trap deepens:
- Phishing calls: After submitting your details, you may receive a call from someone posing as a bank representative. They’ll claim you’re a victim of fraud and need to transfer your funds to a "safe" account—one they control. Never comply; genuine banks do not request such actions.
Simple Steps to Protect Yourself
To safeguard your finances and personal data, follow these best practices:
1. Be skeptical of QR codes.
- Always question the legitimacy of QR codes found on parking machines and signs.
2. Utilize existing apps.
- If you already have a parking app installed on your phone, prefer it over scanning any codes.
3. Opt for traditional payment methods.
- Where possible, use cash or a credit card directly at the machine.
4. Verify URLs.
- Always check the URL that appears when you scan a QR code. If it seems suspicious, do not proceed.
5. Look for HTTPS.
- Ensure the site uses HTTPS, indicating a secure connection, before entering any sensitive information.
6. Monitor your bank statements.
- Keep an eye on your transactions and report any suspicious activity to your bank immediately.
7. Report the scam.
- Notify local authorities, the police, and the car park management if the scam occurs at a private facility.
Final Thoughts
As technology evolves, so do the tactics of fraudsters. Protecting yourself from scams like quishing requires a vigilant mindset. By adopting the practices outlined above, you can safeguard your financial wellbeing while enjoying the convenience of modern payment methods. Remember, it’s always better to be cautious than to become a victim of a fraud scheme. Stay informed, stay alert, and most importantly, stay safe!
