QR Code Scams Target Tourists: Quishing on the Rise in Europe
Criminal groups across Europe are increasingly exploiting QR code fraud (known as quishing) to deceive tourists. Researchers at Netcraft have reported that two major gangs of cybercriminals are deploying QR code schemes for parking payments, spreading them throughout the UK and other countries.
Fraudsters affix counterfeit QR codes to parking meters, redirecting unsuspecting individuals to fraudulent websites where they are prompted to enter personal details and banking information. This not only results in the theft of funds but also leaves victims vulnerable to fines for unpaid parking.
The first warning of this new threat surfaced in August when the British insurance company RAC cautioned drivers to be vigilant and to pay for parking only through official apps or with cash. According to the company, over 10,000 people have fallen victim to these schemes in just the two months since the alert was issued.
The prevalence of this type of fraud is gradually expanding beyond Europe. Both the U.S. and Canada are beginning to encounter similar issues. The FBI has already issued a warning about cybercriminals using QR codes to steal users’ funds.
In the UK, the fraudsters began by placing QR code stickers in central London, and the scheme has since spread to cities like Blackpool, Brighton, Portsmouth, and Aberdeen. The scammers particularly target tourists who are unfamiliar with local parking systems.
One criminal syndicate masquerades as the PayByPhone app. Users scan fake codes, enter vehicle and banking details, and the website confirms a successful payment. However, in reality, the funds are being diverted to the fraudsters.
According to researchers, all of the fraudulent sites exhibit similar characteristics: they are registered through the domain registrar NameSilo and use domains such as “.info,” “.click,” and “.live.” The fake sites also employ Cloudflare protection to further obscure their malicious activity.
Robert Duncan of Netcraft highlights that businesses find it challenging to defend against such attacks, as mobile devices are less secure compared to computers. However, using specialized brand protection platforms could help detect these threats at an early stage.
Experts advise avoiding scanning unfamiliar QR codes and downloading apps only from official stores.
