A car parking scam is seeing drivers' bank accounts hacked and drained, experts have warned.
In an attempt to scam drivers, fraudsters are placing QR code stickers on car park payment machines, which drivers then scan and have their bank details stolen.
Google searches for “parking charge scams” have seen a 300% increase in the past 12 months in the UK, showing how parking scams are on the rise, leading to a new warning.
Drivers also put themselves at further risk of fines due to not having a valid parking ticket and paying for a fake one.
The fine for not paying for a car park ticket in the UK can be as high as £300, so this could be a costly mistake for drivers, on top of getting their details stolen.
What is a QR code parking scam?
Car parking payments are commonly paid using a QR code, where customers scan the code on their mobile device, which takes them to a website where they can pay for parking.
Fraudsters are covering legitimate QR codes with fraudulent QR codes to trick customers into entering their payment details at counterfeit websites. It mimics genuine payment providers, so scammers can take customers' money and payment details.
What is a QR code?
A QR code, which stands for quick response code, is a type of matrix barcode that can store information like URLs, text, phone numbers, and email addresses. QR code phishing, also known as “quishing", allows a scammer to access whatever data the user provided, such as personal details and financial information.
What's checked in an MOT?
A recent QR code attack has been reported in Skegness, where a driver in his motorhome and was tricked into paying £39 to park. Initially, only 90p was taken out of his bank account, but the following day, a further £39 was taken out of his account, which flagged the scam to the driver.
How to spot a car park scam
Keith Hawes, director at Nationwide Vehicle Contracts, has shared advice for drivers to avoid being victims of parking scams:
"Download parking apps," he says. "It is best practice to pay through a mobile app, by downloading the relevant parking app directly from the App Store or Google Play. Scanning a QR code at the parking meter can lead to customers sharing their payment details on untrustworthy domains.
"Some fraudulent domains may have extra symbols in the URL destination, which shows it is a scam, however scammers can create URLs that can easily fool customers, so it is best to download legitimate parking apps on your mobile device."
It's also worth looking for suspiciously cheap or expensive parking prices.
Have you seen a deal online that looks too good to be true?
— Take Five (@TakeFive) January 17, 2025
Purchase scams are when a criminal creates fake adverts online to encourage you to buy goods that don’t actually exist.
They continue to be the most common type of APP scam in the UK.
Always stop and think.… pic.twitter.com/HwrSg7ksPx
"If parking charges seem unusually high or higher than expected, make sure to check the actual parking service fees," says Keith. "If parking fees don’t align, this clarifies it is a scam."
Legitimate parking services will have a customer service option, whereas scams will typically not offer customer service options such as a number to call.
- Private parking companies may no longer be able to trace drivers' details
- February half term family days out up to half price
- Martin Lewis advice: fix now, not on the energy price cap
It's also worth doing your homework and checking online reviews before choosing car parking options.
"If car parks have been prone to scams, other customers will likely have left reviews to warn fellow drivers," says Keith.
"Planning parking in advance can mitigate the risk of being scammed when paying for parking."
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here