QR Code Scams

Recently, I was with a client in central London and whilst parking his car, I noticed a QR Code sticker at the parking meter.  This sticker looked as if it had been placed over the original parking notice.  This led me to do some research.  I found that motorists are being warned of two potential parking scams designed to trick people into paying fraudsters.  The first involves scammers placing fake QR codes disguised as “quick pay” options on parking meters. People scan the QR code using their mobile phone and enter their credit card information thinking they are paying for the space, but instead, it directs them to a fake website where scammers capture their payment details.

A motorist recently had money taken from their bank account after trying to pay for parking in Sandown, Isle of Wight, using a false QR code stuck to the machine. They were later made aware of the fraud by their credit card company. Meanwhile, parking payment app provider — PayByPhone — is warning motorists of bogus websites created in an attempt to impersonate theirs and dupe drivers into entering their bank details.

These sites require people to register, then ask for their credit or debit card details and charge a subscription. PayByPhone says it does not provide any subscription service and will never charge your card without your authorisation. The company is working with the relevant authorities to have these sites removed, however, in the meantime, is urging people to exercise caution when providing their credit or debit card details online in case the site is fraudulent. It said the authentic PayByPhone site remained a secure platform with the highest level of security for processing payments. To avoid these scams specific to PayByPhone:

  • Download the PaybyPhone app directly from the App Store or Google Play Store
  • Visit the official website by entering PayByPhone.co.uk directly into the search bar
  • Dial the automated phone line

This scam is not solely directed at parking meters. Any company which has a QR Code payment system can be targeted. The QR code doesn’t have to lead you to a website with a payment form. It could take you to a website which downloads a malicious piece of software on your device which could lead to a compromise. It is critical that when you open a link in a QR code, you ensure that the URL is safe and comes from a trusted source. Just because the QR code has a logo you recognise doesn’t mean you should click on the URL it contains

Remain vigilant and double check before you pay!



Valkyrie Updates


Stay informed with the latest insights, expertise and innovations in the world of security with Valkyrie’s news, reports and white papers