July 1, 2025, 6:00 am | Read time: 3 minutes
Fraudsters are increasingly using fake QR codes on parking meters to direct unsuspecting drivers to convincingly real phishing sites. This scam, known as “quishing,” allows criminals to capture sensitive payment data, often without detection.
Recently, manipulated QR codes have been discovered on parking meters in several cities. This scam is called “Quishing.” Criminals cover the official codes from parking providers and redirect users to fraudulent websites. There, personal data is requested, such as credit card information or vehicle details. In one documented case, this led to a four-figure amount being debited. The police advise caution and warn of a trend that is spreading nationwide.
Quishing Explained Simply and Briefly
Before we delve into the current case, here’s a general explanation of what the scam involves: Quishing is a form of phishing where fraudsters use QR codes to direct users to fake websites. Unlike traditional phishing emails, which are often detected by security software, QR codes generally go unchecked because they are processed as image files.
The perpetrators use professionally designed QR code stickers to feign legitimacy and request sensitive data like passwords, credit card numbers, or account information on the fake sites. The goal is to misuse this data or directly withdraw money.
Fake QR Codes with Deceptively Real Appearance
The current scam is simple but effective: Fraudsters cover the real QR code on the parking meter with a deceptively realistic sticker. When scanned, it doesn’t open the expected payment page of the parking provider but a fake website. Particularly insidious: These phishing sites mimic the design of well-known services so precisely that many users don’t immediately recognize the fraud.
The Lower Saxony State Criminal Police Office recently issued a specific warning about this Quishing method warned. Cases have been reported in several cities in Lower Saxony where such QR code stickers were discovered.
Read also: Where does the term Phishing actually come from?
Risk for Unwary and Technically Unprotected Users
There is a particular risk for users with outdated smartphone software. Since QR codes are graphic objects, they are not automatically checked by antivirus programs. Unlike phishing emails, there are no security mechanisms that block access to harmful content. Those who scan QR codes carelessly in everyday life and directly enter payment data risk becoming victims of such attacks. Similar stickers have also been found on e-charging stations.
How to Protect Yourself Against Errors and Fraud when Making ransfers
Fraud with Apple ID! What users should definitely not do now
How to Protect Yourself From AI Phone Scams
How to Protect Yourself Against Quishing
The police recommend being particularly vigilant when scanning QR codes. Users should check whether the code belongs to the original labeling or if fraudsters may have placed a sticker over it. Those who wish to use the mobile parking service should download the app of the respective provider directly from the official app store and manually enter the zone code.
Additionally, third-party QR scanner apps can be helpful: These show the target address in advance and allow an assessment of whether it is a legitimate website. Anyone who has fallen victim to such fraud should immediately contact their bank, have the card blocked, and file a report with the police.