A DAY trip could cost more than you bargained for if you’re caught out by scammers using bogus QR codes, conning unsuspecting members of the public out of cash.
Fraudsters are using convincing-looking QR codes in car parks to dupe drivers into logging on to bogus websites to pay parking fees.
Instead of paying a few pounds for parking, unsuspecting drivers have been conned out of hundreds by using their cards on fake – but realistic-looking – websites.
The growing trend of QR fishing – or quishing – has seen criminals taking advantage of publicly-displayed codes. Codes are often found in retail outlets, car parks and tourist hotspots. Criminals use them to post their own fake codes and re-direct the public to malicious websites.
£400 instead of £1.50 parking charge
One victim thought he was paying £1.50 per hour for car parking in Redcar. Using the information board in the car park, he scanned a QR code, gave his personal details and paid online.
Everything seemed fine – until a few days later the driver realised £400 had been taken from his bank account. The 41-year-old immediately contacted his bank and Action Fraud to report the incident.
To make matters worse, he later received a £90 penalty charge from the owners of the car park for failing to pay his parking fee.
It later turned out that a criminal gang had created their own QR code, which had been placed over the genuine code posted on the information board by the car park’s owners.
Luckily, the bank returned the driver’s stolen money, cancelled his bank cards and the parking company cancelled the penalty charge.
However, a criminal network now has the victim’s name, email and address. The network also has his mobile telephone number and knows, which bank he uses.
The PCC-funded Victim Care and Advice Service (VCAS) supported the victim after the fraud.
Top Tips to beat scams
Dave Mead, VCAS’ Victim Services’ Manager, has tips to avoid becoming a victim of quishing. They are:
- Check to see if codes – or displays – in open spaces such as stations or car parks have been tampered with. For example, a sticker may have been placed over the legitimate QR code. If in doubt, do not scan! Use a search engine to find the organisation’s official website or app to make payment
- Be cautious If you receive an email with a QR code in it and you’re asked to scan it
- Use the QR scanner in your mobile phone, rather than an app downloaded from an app store.
Matt Storey, Cleveland Police and Crime Commissioner (PCC,) said: “At a time when many hard-working families are out and about more, this is a really worrying trend.
“No-one can afford to lose hundreds of pounds from their bank account out of the blue and no-one wants the stress of getting a totally unwarranted parking fine.
“I’d urge everyone to follow the advice and check all QR codes posted outdoors very carefully.”
Andy Hampson, Fraud Protect Officer from the North East Regional Organised Crime Unit (NEROCU,) said: “We have dedicated crime specialists that work year-round tackling all forms of fraud, scams, and economic crimes.
“We encourage people to be vigilant when using public QR codes and check their legitimacy before scanning and/or entering personal information.
“We deploy resources based on intelligence and crime reporting so we urge anyone who has been a victim of quishing or has information about it to report it to Action Fraud so we can investigate and protect our communities.”
The Redcar case mirrors a similar incident last year, which was picked up by Stop Scams UK.
A 71-year-old woman was scammed out of £13,000 at Thornaby railway station car park. Scammers reportedly covered up a genuine QR code and directed the woman to a cloned website.
From there, criminals re-directed her payments, took out a loan in her name, and stole her card information.