QR Code 'Quishing' Scams up 14-Fold in Five Years

They said convenience was king. Turns out, it’s also a great way to get conned. Who knew those cute little black-and-white squares could be this shady?

In this publication, we're exposing a fast-rising scam that could catch anyone off guard — even in broad daylight. It's clever, it’s silent, and it’s all too easy to fall for.

Organised crime gangs are behind a surge in fraudulent QR code scams — known as “quishing” — tricking unsuspecting people into handing over bank details at places like parking meters and restaurants.


How It Works:

Here’s the scam, step by step:

  1. The Setup: Scammers print fake QR codes and stick them on or near legitimate signs — usually where contactless payment is expected.
  2. The Scan: You scan the code, thinking you're paying for parking, a meal, or accessing information.
  3. The Trap: It takes you to a lookalike site or forces you to download a shady app.
  4. The Theft: You “pay” a small fee, but instead you’ve shared your bank details or unknowingly subscribed to a costly service.
  5. The Fallout: Days later, more money disappears or you're hit with a second wave scam using the data you handed over earlier.


Who’s Targeted:

Everyone — from commuters to pensioners. But this scam especially thrives in busy areas where people are in a rush and less likely to second-guess a scan. Contactless culture has made this tactic dangerously effective.


Real-Life Example:

Milton Haworth scanned a QR code at a council-run car park in Castleford. It charged him 90p to “verify” his bank, only for £39 to disappear the next day via a bogus subscription.

“I assumed I’d paid for parking,” he said. “The sign looked official. I had no idea QR codes could even be used like this.”

And he’s not alone — Action Fraud reports show these scams have skyrocketed from just 100 in 2019 to nearly 1,400 in 2023.


Why You Should Care:

This isn’t just about losing a few pounds. Once scammers have your data, they can launch secondary attacks, impersonate your bank, and drain your account using social engineering.

All from one simple scan.

And while £39 might seem minor, what if it’s a million people losing £39 each? That’s serious criminal revenue, and it’s your money funding it.


Actionable Steps:

Here’s how to keep your cash and data safe:

  1. Inspect the code: Look for stickers that look out of place or don’t align with the original sign.
  2. Type, don’t scan: If possible, manually enter the URL instead of scanning a QR code — especially when money’s involved.
  3. Avoid apps from unknown sources: Never download apps prompted by a QR code unless it’s from a known, verified platform.
  4. Watch your bank activity: Even small charges can be the start of something bigger.
  5. Report it: File a report with Action Fraud if you spot a suspicious QR code — every report helps authorities catch patterns.


Quick Tips & Updates

Quick Tip #1: Did you know? QR codes can be printed in seconds — scammers use the same fonts, colors, and designs as real signs to stay undetected.

Pro Tip: If a QR code takes you to a payment page, double-check the domain before entering any details. Look for small typos, unusual URLs, or anything unfamiliar.


Stay safe, stay informed.


Keywords & Definitions

  • Quishing: A phishing scam that uses QR codes to trick people into visiting fake websites or downloading malicious content.
  • QR Code: A scannable code that can link to websites, apps, or digital content.
  • Social Engineering: Psychological manipulation used to trick people into revealing sensitive information.
  • Contactless Payment Hotspots: Areas like parking machines and restaurant tables where people commonly pay using QR codes.
  • Action Fraud: The UK’s national reporting center for fraud and cybercrime.

To read more, kindly find source article here


Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages