EV Charging App Phishing Scam via QR Codes
Fake QR codes stuck onto public EV charging stations redirect drivers to a lookalike charging app or payment page that harvests card details.
Part of: EV Charging App Phishing Scam
Last reviewed: 5 July 2026
QR codes are the natural attack surface for the EV charging app phishing scam because many public charging stations legitimately rely on a quick scan-and-pay flow, so a sticker placed over or beside the real code blends in seamlessly with how drivers already expect to start a charging session.
How this scam works on QR Codes
A scammer affixes a fraudulent QR code sticker directly onto a public charging station's real code, screen, or nearby signage, sometimes labeling it as a 'new payment method' or claiming the station's app is temporarily down. Scanning it opens either a fake mobile app download page or a browser-based payment form branded to resemble a legitimate charging network, prompting the driver to enter card details or even create an account with a password they may reuse elsewhere.
Because EV drivers are often in a hurry to start charging and are used to varied charging networks each having their own app or QR flow, a convincing fake page rarely raises suspicion in the moment, and the stolen card details are used for fraudulent charges while the driver still believes their charging session is starting, sometimes only realizing the deception when the vehicle never actually begins charging.
Common red flags
- A QR code sticker looks like it was added on top of or beside the charging station's built-in code or screen
- The scanned link prompts an app download from outside the official app store or a browser payment page rather than the charging network's known app
- The page asks for a password to be created or reused, or requests unusually broad account permissions
- The charging station's official screen shows an error or 'use QR code' message that seems out of place for that network
- No physical charging session actually starts after payment is entered
- The web address or app name is a close but not exact match to the real charging network's name
How to protect yourself
- Use the charging network's official app downloaded directly from the official app store rather than scanning a station QR code
- Inspect the station for signs a sticker has been placed over the original QR code or screen
- Avoid entering card details on any web page reached by scanning a code rather than through a verified official app
- Check that any app requesting payment matches the exact name and branding of the known charging network
- Report a suspicious or tampered station to the charging network's customer service
- Monitor your card statement for unauthorized charges if you scanned a code and entered payment details
How to report it
- Report the tampered station and location to the charging network operator so the sticker can be removed
- Report the fraudulent app or page to the official app store if it was found there
- Contact your bank if you entered card details, to monitor for or dispute unauthorized charges
- File a report with your national consumer protection or fraud reporting agency
Frequently asked questions
How can I avoid fake QR codes at EV charging stations?
Use the charging network's official app downloaded directly from your phone's app store instead of scanning a QR code at the station, since a sticker can be placed over the real code by anyone.
What if I already entered card details through a scanned QR code and no charge started?
Contact your bank immediately to flag potential fraud and dispute any charge, and report the station to the charging network so they can inspect it.