Fake Parking Fine QR Code Scam
Fraudulent QR code stickers placed over genuine codes on parking meters, tickets, and signage that redirect drivers to a lookalike payment page designed to steal card details.
Last reviewed: 5 July 2026
What this scam is
Fake parking fine QR code scams involve criminals printing their own QR code stickers and placing them directly over the genuine codes found on parking meters, pay-and-display machines, windscreen penalty notices, or car park signage. When a driver scans the sticker expecting to pay for parking or settle a fine, they are instead taken to a professionally designed but fraudulent website that mimics the local council, parking operator, or private car park company.
The fake page asks for full payment card details, sometimes alongside a small charge presented as the parking fee or fine itself. In reality the transaction either takes the money directly to the scammer's account, or simply harvests the card number, expiry date, and security code for later use — often both.
This scam has grown alongside the widespread adoption of QR-code payment for parking, which was accelerated by contactless and app-based systems replacing coin meters. Drivers have become used to scanning a code without questioning it, which is exactly the behaviour the scam relies on.
How it works
A scammer prints a sticker containing a QR code that visually resembles the official parking signage — often including the council or operator's logo, colour scheme, and standard wording — and physically sticks it over the genuine code on a meter, ticket machine, or windscreen notice. In some versions, the sticker appears on a fake 'penalty charge notice' left under a windscreen wiper, mimicking a real parking ticket.
A driver scans the code expecting to pay for a parking session or settle what looks like a fine. The link opens a website that closely copies the branding of the real parking authority, complete with a fake reference number and amount due. The driver enters their card details to 'pay', believing they are completing a routine transaction.
Once the card details are submitted, the scam site may show a fake confirmation page so the driver has no immediate reason to suspect anything is wrong. The card details are then used for unauthorised purchases, sold on, or used to set up recurring charges. Some variants follow up days later with a text message claiming the 'payment failed' and asking the driver to re-enter their details, capturing the information a second time or triggering a fresh round of fraud.
Why this scam works
Scanning a QR code to pay for parking has become a routine, low-attention action for most drivers, especially since many towns replaced coin meters with app or QR-based systems. The physical sticker sitting exactly where a genuine code should be gives the scam an air of legitimacy that a random text message or email would not have — the driver is standing at the actual meter or car park, reinforcing the belief that the code must be genuine.
The urgency of parking situations also works in the scammer's favour. Drivers scanning a code are often about to walk away from their vehicle and want to complete payment quickly, which discourages the kind of careful checking — verifying the web address, comparing it to the operator's known domain — that would expose the fraud.
Common red flags
- QR code sticker appears raised, peeling, or a different material from the surrounding sign
- Web address after scanning does not match the operator's known official domain
- Page asks for full card details including CVV for a routine parking payment
- Windscreen notice demands immediate payment via QR code rather than a standard reference and portal
- Generic or slightly incorrect branding, logo, or wording compared to the genuine operator
- Follow-up text claiming a payment failed and asking for card details again
- No option to pay by any method other than the QR code link
- Urgent threat of an escalating fine if payment is not made within a short window
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Your parking session could not be completed. Pay now to avoid a [amount] penalty: [link]
PENALTY CHARGE NOTICE: Outstanding balance of [amount]. Settle immediately via QR code to avoid escalation.
Your recent parking payment failed. Please re-confirm your card details here: [link]
Car park exit fee overdue — scan to pay [amount] before leaving the site.
Common variations
- Sticker placed directly over the genuine QR code on a pay-and-display meter
- Fake penalty charge notice left under a windscreen wiper with a QR code demanding immediate payment
- Text message containing an embedded QR code image to bypass link-scanning spam filters
- Follow-up 'payment failed, re-enter your card' message sent after the initial scam
- Fake QR code on car park entry/exit barriers redirecting to a phishing payment page
- Cloned parking app listed in an unofficial app store alongside the phishing QR code
How to verify before you act
Before scanning any QR code on a meter or notice, inspect it for signs of tampering: a sticker that is peeling at the edges, sits slightly proud of the surface, or is a different material or print quality from the surrounding signage is a strong indicator it has been placed over a genuine code. Compare the domain shown after scanning against the parking operator's known official website — do not trust the page simply because it displays the right logo.
Wherever possible, avoid the QR code entirely and use the parking operator's official app (downloaded independently from an official app store, not via the QR link) or pay by phone using a number found on the operator's verified website rather than the sign itself. If a QR code is on a windscreen notice claiming to be a fine, contact the issuing council or operator directly using a number you find independently before paying anything.
Payment methods used
- Card details entered on a phishing payment page
- One-off card charge disguised as a parking fee
- Recurring or follow-up unauthorised card charges
Who is usually targeted
- Drivers using pay-and-display and app-based car parks
- Tourists unfamiliar with local parking systems
- Commuters in a hurry to pay and leave
- Anyone who has received an unexpected windscreen notice
What to do immediately
- Do not enter any further details on the site if you have not already submitted payment
- If you already entered card details, contact your bank's fraud line immediately to freeze the card
- Check recent bank statements for unauthorised or recurring charges
- Photograph the sticker and its location before it is removed or replaced
- Report the sticker to the car park operator or council so it can be taken down
- Report the incident to your national fraud reporting body
How to prevent it
- Inspect any QR code sticker for signs it has been placed over another code
- Use the parking operator's official app, downloaded independently, instead of scanning codes
- Check the web address shown after scanning matches the operator's known official domain
- Never enter full card details including CVV on a page reached by scanning an unfamiliar QR code
- Call the council or operator directly using a number from their verified website to check a fine
- Report suspicious stickers to the council or car park operator so they can be removed
- Set up card transaction alerts to catch unauthorised charges quickly
- Pay for parking by phone or contactless in-app rather than via QR where the option exists
Evidence to preserve
- A photo of the QR code sticker and the meter, notice, or sign it was placed on
- A screenshot of the website the code led to, including the web address
- The text message containing the QR code, if applicable
- Bank statement records of any resulting transaction
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How can I tell if a QR code on a meter has been tampered with?
Look closely at the sticker itself — genuine codes are usually printed as part of the original signage, while a fraudulent overlay often sits slightly raised, has peeling edges, or is a different paper or print quality from the rest of the sign.
Is it safer to use an app instead of scanning a QR code?
Yes. Downloading the parking operator's official app directly from an official app store, rather than via a QR link, removes the risk of being redirected to a fraudulent page altogether.
I entered my card details on a fake parking page — what should I do?
Contact your bank's fraud line immediately using the number on your card or banking app, ask them to freeze the card and monitor for unauthorised transactions, and report the incident to your national fraud reporting body.
Can this happen with legitimate, well-known parking apps too?
The scam itself relies on a fake sticker or notice, not a flaw in any specific app. Even in car parks operated by well-known companies, a criminal can physically place a fraudulent sticker over the genuine code, so the brand on the sign does not guarantee the code is genuine.