Quishing: The Rising Threat of QR Code Scams in Public Spaces

Quishing (QR code phishing) is a growing scam where criminals place fake QR codes in public spaces, leading users to fraudulent websites that steal personal and financial details. This method is particularly effective at EV charging stations, parking meters, and other machines across Europe. Below are examples of recent quishing incidents and tips on how to protect yourself.

How Quishing Works

Scammers replace legitimate QR codes with fakes at public machines like parking meters and charging stations. When scanned, these codes redirect users to phishing sites, prompting them to enter sensitive information, such as credit card details.

Overview of QR Code Scam Incidents

1. EV Charging Stations (Germany, October 2024) As per information from article  scammers place fake QR code stickers on EV charging stations, particularly targeting public stations where users are expected to scan a QR code to initiate charging or process payment. The fake QR code often looks identical to the legitimate one. When scanned, it leads the user to a fraudulent payment site that mimics the original service.

2. Pay & Display Machines (Ireland, October 2024)
   Counterfeit QR code stickers were placed over the genuine ones on parking meters. When unsuspecting motorists scanned the code, they were taken to a fraudulent website that mimicked the legitimate parking payment site. Authorities recommended using trusted methods like the Payzone app. Read more in article .

3. Public Transport (Barcelona, 2023)
   Fake QR codes on ticket machines tricked commuters into giving up banking details while attempting to buy transport tickets.

4. Shared Mobility Services (Paris, 2023)
   Fraudsters targeted bike and scooter rental stations, replacing legitimate QR codes with fake ones to steal users' financial details.

How to Protect Yourself

• Inspect QR Codes: Look for signs of tampering, like stickers or misaligned labels.
• Use Official Apps: Download official apps for payments instead of scanning QR codes.
• Manually Enter URLs: If unsure, type the web address directly into your browser.
• Report Suspicious Activity: Notify local authorities or the business if you suspect a scam.

We Can Help Protect You!

Our Redamp.io service includes a Safe Surfing feature that effectively handles protection in form of filtering out malicious URLs and helps against the latest threats such as phishing or malware.