Five ways to spot fake QR codes and avoid being scammed when paying for car parking

Drivers are being warned about QR code scams at car parks
-Credit: (Image: iStockphoto/Getty Images)


Drivers are being warned about scammers trying to con unsuspecting motorists at car parks.

The scam involves placing fake QR codes on parking machines in the hope that visitors will scan them when paying over the phone. In this form of phishing, often referred to as 'quishing', the customer is directed to a phony website, where they enter their card details for the scammer to see.

Marc Porcar, CEO of QR Code Generator, said: "According to National Trading Standards, around 73% of UK adults have been targeted by scams, and 35% of people have fallen victim to the offence. With scams becoming ever more convincing, even the most technologically savvy among us remain at risk.

READ MORE:Jay Slater's mum says TV detective's comments have 'knocked her back a million steps'

READ MORE:Driver killed in M6 crash named after five people die in Cumbria collision

"QR code phishing scams are the most recent trend we are seeing among car parks across the UK. Drivers must remain aware of this type of scam and the techniques scammers are likely to employ."

Marc has shared the following tips for spotting fake QR codes. There is also advice on what to do if you fall victim to a QR code scam.

Closely inspect the QR code

Before scanning a QR code on a parking meter, it is essential to check that it has not been tampered with in any way. Look for peeling edges, unusual bumps in the material, and anything else that generally looks suspicious. If the corners of the code are peeling and you can see another code underneath, this can indicate that a fake code has been stuck over the original one.

If the QR code is printed on paper, is unusually large, and covers all or part of the text on the parking meter, this is telltale sign that it isn’t legitimate. Scammers will often inflate the size of the QR code to make it more visually obvious, to encourage customers to scan it.

Keep up to date with all the latest breaking news and top stories from the North East with our free newsletter

Check the URL

When you scan a QR code, your phone allows you to preview the website’s link before you click to visit the site. Use your judgement to assess the website URL and whether it matches up with the parking company’s actual website.

Some scammers will set up a copycat website using a domain name that looks similar but is slightly different from the real thing. For example, the imposter URL could be ‘https://www.justpark.net’ while the genuine website is ‘https://www.justpark.com’.

Also, make sure that the website you are visiting on your mobile browser has a padlock symbol next to it and that the URL begins with ‘https://’ rather than just ‘http://’. This ensures that the website is encrypted with a Secure Sockets Layer (SSL) certificate. Some phishing websites now also use SSL protection in an attempt to trick visitors, so this is a risk that should be taken into consideration when visiting the site.

Suspicious website content

If you click through to a parking service website with a QR code and the webpage content looks unusual or things feel out of place, this can be a sign you are not booking parking through the legitimate site. Some phishing websites can look quite sophisticated but there are some signs you can watch out for. These include spelling mistakes, lack of correct capitalisation, text being misaligned, and logos and graphics appearing pixelated or out of date.

Asking for too much personal information

When paying online, parking services are likely to require your vehicle registration, your email address to confirm your booking, your card number, its expiry date, and the last three digits on the back of your card (CVV/CVC). If the site asks for additional information, such as your home address, phone number, or even your card’s PIN number, this can be a sign that it isn’t legitimate.

Use a dedicated parking app

Popular parking services such as JustPark, Ringo and PayByPhone have their own dedicated app, which you can download directly from the Apple or Google Play store. Once you have the app downloaded, scanning the QR code should redirect you to the app to start your booking. If it doesn’t, and you are directed to a site in your browser, it is likely that you could be dealing with a phishing website. Alternatively, the car park should have a location code, which you can enter directly into the app if unsure about the QR code’s legitimacy.

What to do if you fall victim to a QR code scam

If you enter your bank details and realise that you have fallen victim to a QR code scam, make sure to check your bank account for any unauthorised transactions. Immediately notify your bank so that they can freeze your card and hopefully issue a refund for any money you might have lost.

Usually, if you have paid with a debit or credit card, you should be able to get a refund by making a Chargeback against your provider. Report any QR code scams to Citizens Advise and Action Fraud, to prevent other people from making the same mistake.