Warning: scammers active! Fake QR codes discovered on parking meters

Warning: scammers active! Fake QR codes discovered on parking meters

More and more drivers are becoming victims of fraudulent QR code manipulation when parking in cities like Cologne. Police are issuing a strong warning about a criminal scam known as “quishing”. This form of fraud combines the use of QR codes with phishing techniques to lure unsuspecting users to fake websites and steal their sensitive payment information. Not only cities in the Harz Mountains are affected, but also large cities such as Cologne, Hanover and Dortmund, which are increasingly becoming the target of such machinations. News38 reports that notorious scammers are taping over real QR codes on parking meters and tricking drivers into entering personal information like credit card numbers.

The danger is particularly high in popular tourist resorts such as Bad Harzburg and Goslar. More and more cities are offering parking via app, which makes it easier to use. However, the fraudsters get ahead of the technology: They stick deceptively real QR code stickers that show that you can pay via the app. A simple scan of the false code then takes those affected to a fake website from which the money is immediately debited. RND reported a case in which a driver in Goslar was debited a four-digit sum after scanning a manipulated QR code.

How does quishing work?

The fraudsters' approach is extremely simple, but extremely effective: a fake QR code is stuck over the original code, and the unwitting driver then scans it, assuming that it will take them to the official parking service website. Instead, he is redirected to a fraudulent website. Techbook explains that these sites often require the entry of sensitive data. Unusual URLs that are designated as shortlinks or without HTTPS security are clear warning signs for users. Drivers in particular should be suspicious if QR codes are not printed directly or are attached in other places.

Warnings and protective measures

Police recommend several strategies to protect yourself from quishing. Drivers should exercise extreme caution when scanning QR codes. Recommended actions include:

• Manuelles Eingeben der Parkzone in die App, anstatt QR-Codes zu scannen.
• Verwendung von QR-Scannern, die die URL-Vorschau anzeigen.
• Überprüfung auf merkwürdige URLs oder fehlendes HTTPS.

If you fall victim to a quishing attack, you should contact the bank immediately and block your credit card via the central blocking emergency number (116 116). You should also consider reporting the matter to the police.
The investigative authorities are already active in the affected cities. They monitor parking meters and take custody of counterfeit QR stickers, while also cooperating with app providers to detect and prevent misuse. The situation remains tense and requires parked drivers to keep a watchful eye. Everyone should keep an eye on their data to avoid falling into the trap of fraudsters.