Scam script · SMS / text

QR Code Parking / Payment Scam Script

Fake QR code stickers placed over legitimate parking machine codes, or sent by text, direct drivers to phishing sites that steal card details when they attempt to pay for parking.

Last reviewed: 1 June 2026

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

PARKING NOTICE: Your session at [location] requires payment. Scan the QR code on this notice to pay online and avoid a penalty charge: [fake link]

Your parking at [car park] expires in 15 minutes. Pay now to extend your session: [fake link]. Failure to pay may result in a [amount] fine.

Important: the parking machine at this bay is temporarily out of service. Please pay via QR code: [fake link]. Thank you for your patience.

Hi, we noticed your vehicle is parked at [location]. To avoid a [amount] fine, please complete payment of [amount] at: [fake link]

What the scammer wants

To capture full card details — number, expiry, CVV, and billing postcode — on a realistic-looking fake parking payment page, using the urgency of an imminent fine as motivation.

Red flags in the message

QR code sticker applied over the original on a parking machine or meter
Payment page does not match the official car park operator's domain
Unsolicited text about a parking session you may not have started
Page asks for card details rather than redirecting to a known payment provider
No printed receipt option or official branding on the payment page

A safe response

Check the QR code sticker carefully — if it is peeling, misaligned, or covers existing markings, do not scan it. Use the official parking app or a machine to pay, or call the car park operator's number on the signs.

What not to send

Card details including CVV on an unverified page
Billing address or postcode
Any payment via a QR code of uncertain origin

What to do if you already replied

Contact your bank immediately if card details were entered
Report the fake QR code to the car park operator and local authorities
Monitor your statement for unexpected charges

Evidence to preserve

Screenshot the full message or call details
Note the sender number, email, or profile
Save any links (without clicking) and payment details
Record dates and times

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

PARKING NOTICE: Your session at [location] requires payment. Scan the QR code on this notice to pay online and avoid a penalty charge: [fake link]

Your parking at [car park] expires in 15 minutes. Pay now to extend your session: [fake link]. Failure to pay may result in a [amount] fine.

Important: the parking machine at this bay is temporarily out of service. Please pay via QR code: [fake link]. Thank you for your patience.

Hi, we noticed your vehicle is parked at [location]. To avoid a [amount] fine, please complete payment of [amount] at: [fake link]

Red flags in the message

QR code sticker applied over the original on a parking machine or meter

Payment page does not match the official car park operator's domain

Unsolicited text about a parking session you may not have started

Page asks for card details rather than redirecting to a known payment provider

No printed receipt option or official branding on the payment page