Quishing Scams Hit Parking Lots
Quishing scams trick drivers using fake QR codes at parking payment spots. Fraudsters place these codes on machines or posts in car parks. For example, a driver scans the code expecting to pay for parking. Instead, they land on a fake site that steals their payment details.
You park your car, find the machine, and scan the QR code that looks official. The site it opens asks for your payment details, just like a real parking service would. But later, you’re hit with a parking fine and notice money missing from your account.
This growing scam method is called “quishing” a form of phishing that uses QR codes. Fraudsters place fake stickers on real payment machines, signs, or even EV chargers. When scanned, these codes lead you to malicious websites that steal your personal and payment information. These attacks work just like traditional phishing scams but are harder to spot. Instead of a visible malicious link in an email or text, the attack uses a QR code. Scanners extract the URL behind the code and unknowingly land on a fake site.
How the Scam Operates
The fake website mimics a legitimate parking payment page. It asks for card details and car information to seem authentic. Later, scammers may call, posing as the victim’s bank. They trick users into transferring money to a “safe” account controlled by the fraudsters.
Rising Threat
In 2024, the UK reported 1,386 quishing incidents, doubling from the previous year. The first three months of 2025 saw 502 cases, showing a growing problem. A researcher notes many victims don’t realize their data was stolen. Often, they only notice after receiving a parking fine.
Why It’s Hard to Detect
Quishing uses QR codes instead of text links, unlike traditional phishing. This makes it harder for security tools to spot the threat. For instance, email scanners can’t easily decode QR code images. As a result, these attacks often go unnoticed by standard defenses.
Impact on Victims
Victims face severe consequences after scanning fake QR codes. One driver lost £13,000 after fraudsters racked up debt in her name. Additionally, scammers use stolen details to impersonate banks. This leads to further financial loss and identity theft for unsuspecting drivers.
A Growing Cybersecurity Concern
The rise of app-based parking payments fuels quishing scams. Fraudsters exploit the trust drivers place in QR codes. Therefore, public spaces like car parks and EV charging stations become prime targets. Awareness of this scam is crucial to avoid falling victim.
Preventing Quishing Scams
To avoid quishing, manually check parking payment websites instead of scanning QR codes. For example, use official apps or verified links to pay. Never share financial details over unsolicited calls and report suspicious QR codes. Additionally, enable two-factor authentication on banking apps. These steps help protect against scams and keep your data safe.
Sleep well, we got you covered.
