
UK drivers who pay by phone at car parks urged to use cash instead
Mirror | September 25, 2025 2:39 AM CST

QR codes are everywhere now – stuck to pub tables for menus, on restaurant bills for payments, and at parking machines across the country. Most people scan them without a second thought, but that innocent black-and-white square could be the gateway to financial disaster.

Scammers across the UK are placing fake QR codes over genuine ones in car parks, pubs, and restaurants, tricking unsuspecting Brits into handing over their bank details. This scam, dubbed "quishing" (QR-code phishing), has cost victims nearly £3.5 million in just one year, according to Action Fraud.

As reported by the national reporting centre, fraudulent QR codes have been discovered on online shopping sites. Sellers are sent suspicious QR codes through email to authenticate their accounts or to process payments for items they have sold.

Some reports have indicated scams posing as HMRC and other UK government agencies. These two-dimensional codes, made up of small black-and-white squares, can be generated by anyone. Although many of them are benign, some serve as entry points into a scammer's scheme.

With QR codes becoming as common as salt and pepper on restaurant tables, the threat is growing daily. Last year, Cambridgeshire Police announced a new campaign designed to raise awareness about the associated risks of fake QR codes. It followed an incident in which one person lost £13,000 after scanning a code on a parking machine at a station.

Fraudsters print fake QR code stickers and place them directly over legitimate codes at pubs, cafés, restaurants, and parking machines. When you scan what you think is the genuine code to pay for parking, your bill, or view a menu, you're instead redirected to a fraudulent website that looks identical to the real thing.

These fake sites are designed to harvest your bank details, login credentials, or even install malware on your device. "The beauty of QR codes from a criminal's perspective is that you can't tell where they lead just by looking at them," explains a spokesperson from tech company OddsMonkey. "By the time you realise something's wrong, it's often too late."

Anyone using QR codes for everyday activities is potentially vulnerable. Diners scanning codes for menus or payments in pubs and restaurants are prime targets, as are drivers using QR codes at parking machines or EV charging points.

The scam has become particularly prevalent since the pandemic. During this time, businesses rapidly adopted QR codes to reduce physical contact with menus and payment terminals.

How to protect yourself - including using cash

Before scanning any QR code, take a moment to inspect it closely. Look for signs of tampering, such as stickers placed over other codes or edges that look recently applied - try running your fingers over the QR code to see if it is legit or not. If you have any cash on you, you could try using that instead to avoid opening up a QR code on your phone.

Always check the web address before entering any personal information. Make sure it's spelt correctly and uses HTTPS for security. If something looks off, trust your instincts.

When dining out, don't hesitate to ask the staff for the correct payment link or use the business' official website or app instead. Most legitimate businesses will happily provide alternatives. Use your phone's built-in camera app to preview links before opening them, and never scan QR codes from unsolicited emails, texts, or flyers.

"QR codes have become part of everyday life, but that familiarity is exactly what scammers are exploiting," warns the spokesperson. "A few seconds of caution could save you hundreds of pounds."

If you've fallen victim to a QR code scam, contact your bank immediately and report it to Action Fraud. Spotted a suspicious code? Report that too; you could prevent others from being caught out.
