They said convenience was king. Turns out, it’s also a great way to get conned. Who knew those cute little black-and-white squares could be this shady?
In this publication, we're exposing a fast-rising scam that could catch anyone off guard — even in broad daylight. It's clever, it’s silent, and it’s all too easy to fall for.
Organised crime gangs are behind a surge in fraudulent QR code scams — known as “quishing” — tricking unsuspecting people into handing over bank details at places like parking meters and restaurants.
How It Works:
Here’s the scam, step by step:
- The Setup: Scammers print fake QR codes and stick them on or near legitimate signs — usually where contactless payment is expected.
- The Scan: You scan the code, thinking you're paying for parking, a meal, or accessing information.
- The Trap: It takes you to a lookalike site or forces you to download a shady app.
- The Theft: You “pay” a small fee, but instead you’ve shared your bank details or unknowingly subscribed to a costly service.
- The Fallout: Days later, more money disappears or you're hit with a second wave scam using the data you handed over earlier.
Who’s Targeted:
Everyone — from commuters to pensioners. But this scam especially thrives in busy areas where people are in a rush and less likely to second-guess a scan. Contactless culture has made this tactic dangerously effective.
Real-Life Example:
Milton Haworth scanned a QR code at a council-run car park in Castleford. It charged him 90p to “verify” his bank, only for £39 to disappear the next day via a bogus subscription.
“I assumed I’d paid for parking,” he said. “The sign looked official. I had no idea QR codes could even be used like this.”
And he’s not alone — Action Fraud reports show these scams have skyrocketed from just 100 in 2019 to nearly 1,400 in 2023.
Why You Should Care:
This isn’t just about losing a few pounds. Once scammers have your data, they can launch secondary attacks, impersonate your bank, and drain your account using social engineering.
All from one simple scan.
And while £39 might seem minor, what if it’s a million people losing £39 each? That’s serious criminal revenue, and it’s your money funding it.
Actionable Steps:
Here’s how to keep your cash and data safe:
- Inspect the code: Look for stickers that look out of place or don’t align with the original sign.
- Type, don’t scan: If possible, manually enter the URL instead of scanning a QR code — especially when money’s involved.
- Avoid apps from unknown sources: Never download apps prompted by a QR code unless it’s from a known, verified platform.
- Watch your bank activity: Even small charges can be the start of something bigger.
- Report it: File a report with Action Fraud if you spot a suspicious QR code — every report helps authorities catch patterns.
Quick Tips & Updates
Quick Tip #1: Did you know? QR codes can be printed in seconds — scammers use the same fonts, colors, and designs as real signs to stay undetected.
Pro Tip: If a QR code takes you to a payment page, double-check the domain before entering any details. Look for small typos, unusual URLs, or anything unfamiliar.
Stay safe, stay informed.
Keywords & Definitions
- Quishing: A phishing scam that uses QR codes to trick people into visiting fake websites or downloading malicious content.
- QR Code: A scannable code that can link to websites, apps, or digital content.
- Social Engineering: Psychological manipulation used to trick people into revealing sensitive information.
- Contactless Payment Hotspots: Areas like parking machines and restaurant tables where people commonly pay using QR codes.
- Action Fraud: The UK’s national reporting center for fraud and cybercrime.
To read more, kindly find source article here