QR code car park scams becoming rising problem in the North East
The number of scams linked to QR codes has soared more than tenfold across the UK in just five years, the BBC has found.
Since 2019, thousands of people have been tricked by fraudsters using QR codes to steal money and personal information.
Since 2019, Northumbria and Durham police have received 65 reports of what is known as 'quishing'. This involves tricking someone into scanning a fake QR code on their phone that leaves them at risk of fraud.
Organised gangs are often behind the fast-spreading crime, according to Katherine Hart, lead officer at the Chartered Trading Standards Institute.
She said so-called ‘quishing’ is significantly underreported and is presenting a “huge challenge” to authorities globally.
“We’ve seen huge amounts of money lost this way, people have seen their life savings gone and that money is going to finance criminals,” Ms Hart added.
Quishing scams usually see misleading QR codes created by criminals placed where contactless payments are common, such as on parking meters or restaurant menus. They have also been spotted on packages, in emails and on television.
The malicious codes redirect users to fraudulent websites or applications and can be used to extract personal data, such as bank details.
The BBC’s Shared Data Unit obtained Action Fraud data that shows nearly 3,000 reports linked to QR codes were reported to the national fraud reporting centre between 2019 and 2024.
Last year, 1,386 reports were logged - more than double the 653 in 2023 and significantly higher than the 100 reported in 2019.
What is a QR code?
- QR stands for ‘quick response’
- QR codes look like black and white squares
- They work like a two dimensional bar code and can be scanned by a phone or tablet
- Businesses often use them legitimately to direct users to apps, payment platforms, social media accounts, menus and events listings
Ms Hart said the true scale of the problem is far higher as many do not report being targeted.
She said victims often lose small amounts of money initially, as those responsible gather the data they need to launch a “secondary scam”.
“You might lose £2.99 and a lot of people won’t report that and don’t realise they’ve passed on their information to a criminal organisation,” Ms Hart said.
“Invariably, days or weeks later they’ll get a call telling them they’ve been the victim of a fraud and they can pinpoint a day, because they already have all of this information you’ve shared with them earlier.
“They convince you using very coercive tactics that they’re from your bank, police or Trading Standards and they want access to your bank account to take everything you’ve got.”
Experts including the national fraud reporting service ActionFraud and the National Cyber Security Centre (NCSC) say it is “vital everyone stays vigilant” to cyber criminals.
A NSCS spokesman added: “When directed to a website by a QR code - especially in open spaces like stations or car parks - it is important to take care to ensure that it is genuine, and be cautious if you're asked to provide excessive personal information.”
Rayo Premium