Criminals are catching out unsuspecting drivers by placing fake QR codes over council-owned parking machines, in what’s being dubbed as ‘quishing’. In the last month, there has been a big spike in false QR codes on parking machines in Barking and Dagenham, Northumberland, Northamptonshire, South Tyneside and Pembrokeshire, which all appear to use the PayByPhone app to collect parking payments.
The RAC is also aware that a car park in Lytham St Annes, which uses the MI Permit app for payment, was targeted.
The false codes are leading people to enter their card details into fraudulent websites set up to steal payment information, which criminals then use to spend money from their bank accounts.
RAC head of policy Simon Williams said: “A car park is one of the last places where you’d expect to be caught out by online fraud. Unfortunately, the increasing popularity and ease of using QR codes appears to have made drivers more vulnerable to malicious scammers. For some, this sadly means a Quick Response code could in fact be a ‘quick route’ to losing money.
“As if this quishing scam isn’t nasty enough, it can also lead to drivers being caught out twice if they don’t realise they haven’t paid for parking and end up getting a hefty fine from the council.
“The safest course of action when paying for parking at a council-owned car park is to avoid using QR codes altogether. Most of these councils don’t even operate a QR code payment system, so if you’re in any doubt, steer well clear and only pay with cash, card or via an official app downloaded from your smartphone’s app store. This advice should also be applied to any mode of transport where you can pay via a QR code, including electric vehicle charge points and private car parks.
“This new wave of criminal activity is case in point for why the UK is in dire need of the National Parking Platform, which will allow everyone to use one app of their choice to pay for parking. As people are faced with a plethora of different payment apps depending on where they are in the country, it’s no wonder many resort to the convenience of using the QR codes they see on payment machines.”
To avoid being caught out by car park scammers, the RAC advises drivers to only pay via a QR code if they have no other payment option. It’s better to pay by cash, card or via the car park’s official app on your phone. You could also call the parking provider’s phone number and follow the instructions, but you still need to be careful this is a genuine number.
If you decide to use the QR code, you should follow these steps:
- Check to see if it has been stuck onto the parking payment machine. Tell-tale signs are the code looking too big or if it partially obscures official information underneath
- Make sure the payment website’s URL is secure and is the official site for the company you want to pay. Look out for a padlock symbol and an address that begins with https://
- If you’re concerned you’ve used a false code, check your bank statement and banking app for any suspicious transactions.
- If someone calls you claiming to work for your bank, ask for a reference number, then phone your bank’s actual number from a letter they have sent or from their official website. Never ring the number the caller gives you over the phone or via email
Simon Williams added: “Our research with drivers shows that many still prefer to pay with cash. Unfortunately, this option – along with payment machines – are being phased out by lots of councils, which a majority of drivers think is a bad idea.*
"We believe there should always be at least two different means of paying for parking in the event technology fails or the car park is located somewhere with intermittent phone signal.”
Complete peace of mind for less
• Cheaper than AA Price Guarantee^
• We get to most breakdowns in 60 mins or less
• Our patrols fix 4/5 breakdowns on the spot
*RAC Opinion Panel survey of 1,900 UK drivers