It looks innocent enough. A QR code on a parking meter — scan to pay. Except it's not the meter's code. It's a sticker, placed by a scammer, and it leads to a fake payment page.

This is "quishing" — QR code phishing — and it's exploding across the UK.

How It Works

  1. A scammer prints a fake QR code sticker and places it over a legitimate code on a parking meter, restaurant table tent, EV charger, or even a public notice board.
  2. You scan the code with your phone — it looks like it should take you to a payment page.
  3. Instead, you're taken to a convincing fake site that steals your card details, or the code triggers a download of malware onto your phone.

Where It's Being Reported

  • Parking meters — Fake codes on PayByPhone machines in London, Manchester, and Birmingham
  • Restaurants — QR menu codes replaced with scam links (reported in 12 UK counties)
  • EV charging points — Fake payment codes on public chargers
  • Council notice boards — Fake "pay your council tax" QR stickers

How to Protect Yourself

  • Check the sticker. If it looks like it's been stuck on top of the original, peel it off and report it.
  • Check the URL. Before entering any payment details, check the web address. If it's a jumble of letters or a misspelled brand name, close it.
  • Use the official app. Instead of scanning the code, open the parking or payment app directly.
  • Don't download apps from QR codes. Scammers use codes to push malware disguised as "updated" payment apps.

What to Do If You've Been Scammed

  1. Contact your bank immediately — they can freeze your card and reverse fraudulent transactions.
  2. Change your online banking password.
  3. Report to Action Fraud at actionfraud.police.uk or call 0300 123 2040.
  4. If you downloaded malware, run a full antivirus scan.

The QR code is convenient. That's why criminals love it. But a moment of caution before you scan can save you thousands. Stay sharp. Stay safe.