Car park 'quishing': what it is, how to spot it, and what to do if caught out

.

As QR codes become more common in our everyday lives, scammers are finding new ways to exploit them - including in car parks. One of the latest threats drivers face is car park quishing - a form of phishing where fake QR codes are placed on or near parking payment machines to trick unsuspecting motorists into revealing personal and financial information.

Here we explain what the scam is and how to spot it and avoid having your details stolen or devices contaminated with malicious programmes.

The UK's busiest roads revealedCrooks can stick fake QR codes over existing parking signs to scam money. The photo here is used as an example of how QRs are employed and the codes here are genuine - as they're integrated into the sign. But look out for stickers added on top of signs and check the website matches what is printed on the sign  (Photo: Pete Barden)

What is car park quishing?

Car park quishing is a specific type of QR code phishing scam. It involves fraudsters placing fake QR codes on or around pay-and-display machines, signs, or barriers.

These codes usually link to websites that look like legitimate parking payment portals. Drivers scan the code expecting to pay for parking, but instead, they’re taken to a spoofed site designed to steal payment details or install malware on their phones.

Scammers rely on the fact that people often act quickly when trying to pay for parking—especially if they're in a rush or worried about getting fined. This makes it easy to overlook small details and fall for the trap.

How to spot car park quishing

While these parking scams can be sophisticated, there are warning signs that can help you avoid falling victim:

  1. Out-of-Place QR Codes: Be wary of QR codes that are stickers placed on top of or near official signs. Many scammers use labels or printed signs to cover legitimate information.

  2. Poor Print Quality: Genuine QR codes on official machines are usually professionally printed. Blurry, wonky, or cheap-looking stickers are a red flag.

  3. Strange URLs: If your phone shows a preview of the link, look closely at the web address. Fake sites may use spelling errors or odd domain names like “payparking-now.info” instead of a local authority or parking company website.

  4. No Alternative Payment Options: Most legitimate car parks also offer card, cash, or contactless payment options. If the only way to pay appears to be through a QR code, that’s suspicious.

  5. Urgent or Aggressive Language: Wording like “Scan now to avoid a fine” is a common tactic to create panic and rush users into scanning without thinking.

How to stay safe

To protect yourself from car park quishing scams:

  • Use Trusted Apps: Download and use official parking apps like RingGo or PayByPhone directly from your phone’s app store.

  • Pay at the Machine: Where possible, use the machine itself to pay, especially if it accepts contactless or card payments.

  • Check Before Scanning: If the QR code looks like a sticker or seems recently added, avoid it. Use your browser to visit the parking provider’s official website instead.

  • Preview the Link: Some phones allow you to see the URL before opening it. Use this to check if it matches the correct parking provider.

  • Ask for Help: If in doubt, contact the local council or car park provider using the details on signage—don’t rely on what’s next to the QR code.

What to do if you spot or fall for it

If you come across a suspicious QR code in a car park:

  1. Don’t Scan It: Avoid scanning or interacting with the code.

  2. Report It: Inform the car park operator or local council straight away. Take a photo and share the location.

  3. Check Your Bank: If you did enter card details on a suspicious site, contact your bank immediately and monitor for unusual activity.

  4. Change Passwords: If you entered login details, change them as soon as possible—especially if you use the same password elsewhere.

  5. Warn Others: Post on local community groups or parking app reviews to warn others of the scam.

Car park quishing is on the rise—but being alert and cautious can help keep your personal information safe.

Subscribe for free motoring and travel news here - support independent journalism 

* indicates required

Latest motoring news

Take a look at more of our top motoring-related content here...

 
facebook sharing button Share
twitter sharing button Tweet
pinterest sharing button Pin
email sharing button Email
sms sharing button Share
sharethis sharing button Share

 

Subscribe for free motoring and travel news from PeteBarden.co.uk

* indicates required

Author: Pete Barden:

Twitter: @pete_barden

Pete Barden is a qualified journalist who has written and produced for publications including The Sun (thesun.co.uk), New Statesman Media Group, Whatcar? (Whatcar.com) Stuff Magazine (Stuff.tv), Fastcar Magazine (Fastcar.co.uk), Maxim Magazine and UK broadcast stations within the Heart network (Formerly GCAP). Pete specialises in motoring and travel content, along with news and production roles. You can find out more about Pete Barden on LinkedIn.

 About us: Pete Barden Motoring and Travel News

See our privacy page here