Anyone who pays for parking at a public car park, especially through their phone, is being issued a warning. According to consumer group Which?, people who pay for parking this way could be unknowingly putting themselves at risk of losing their personal data and money.
There are several warning signs the organisation has listed that could mean you're about to be scammed when using your phone to pay at a car park. In a newly released video on Facebook, Which? issued an alert about QR codes and the importance of verifying their legitimacy.
At the start of the video, a person can be seen peeling off a fake QR code stuck on top of a real one on what appears to be a car park payment sign. In a worrying trend, criminals are sticking fake QR code stickers over real ones in parking lots to steal payment information from customers.
The scam, known as 'quishing' (QR phishing), tricks people into visiting fake websites designed to collect credit card numbers, passwords, and personal information. Fake QR codes are typically placed over legitimate parking payment signs or machines. Unsuspecting drivers scan the code, believing they are paying for parking, only to be redirected to fraudulent websites designed to steal payment details or personal information.
In the caption, Which? said: "Don't get caught out by a QR code scam." It added: "Criminals often tamper with QR codes in public places – like restaurants, pubs, shops, bus stops, train stations, and car parks – to redirect you to fake websites or malicious apps. Here are five simple ways to protect yourself from QR code scams."
In the video, a Which? representative explains the steps to take to avoid falling for QR code scams in public places. She said: "Before you scan a QR code in public, always check to see if it's been tampered with. If it looks suspicious, don't use it. Just type the web address in manually on your device to make sure you visit the correct website.
"Most phones have a scanner built into the camera, so use this instead. Don't use an app to scan a QR code as it increases the risk of downloading malware or being directed to a misleading advert. Preview the web address as you start to scan it. If it doesn't begin with HTTPS, it looks different, or it's not the site you are expecting, don't visit it.
"Avoid QR codes and emails as scammers are increasingly using them to disguise malicious links. Email security tools don't always scan images. Don't use QR codes to download apps as it increases the risks of downloading something dodgy. Use a verified app store like Google Play or the app store and always do your research on the app before you download it."
A statement on The British Parking Association's website reads: "Recent scams involve fake QR codes, fraudulent Penalty Charge Notice (PCN) text messages and contactless card payment fraud. Here’s what you need to know to stay protected. Scammers may place fake QR codes in parking areas including on official signage, leading users to fraudulent websites designed to steal payment information."
Besides car parks, people who use QR codes for daily tasks might be at risk. Customers looking at menus or paying by scanning codes in restaurants and shops could be targeted, just as drivers who scan QR codes at parking meters, bus stations, train stations or electric vehicle charging stations.
According to the latest data, there has been an increase in fake QR code parking scams. New figures reveal that reports have increased by more than 14-fold since 2022.
Figures, obtained through a Freedom of Information request to Report Fraud Intelligence Services, sent by business management consultant Ailsa, show scammersare increasingly targeting motorists in car parks using fraudulent QR codes designed to mimic legitimate payment systems.
In 2022, just nine cases were reported, with total losses of £322. By 2025, that number had surged to 133 reports in a single year, with victims losing £29,682. In total, there have been 247 reports of these scams over the four-year period, costing drivers £56,648.
If you've fallen victim to a QR code scam, contact your bank immediately and report it to Action Fraud. If you think you have spotted a suspicious code, you can report that too, and you could prevent others from being caught out.
