QR Code Parking / Payment Scam Script
This scam combines fake QR code stickers placed over legitimate parking payment signs with text messages sent directly to drivers, both leading to a convincing but fraudulent parking payment page. The urgency of an approaching fine encourages you to enter payment details quickly without checking whether the page belongs to the real parking operator. Rather than paying for parking, you hand over your full card number, expiry date, security code, and billing details directly to a scammer. The most important step is to pay through the official parking app or a trusted number, not by scanning a code on-site.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
PARKING NOTICE: Your session at [location] requires payment. Scan the QR code on this notice to pay online and avoid a penalty charge: [fake link]
Your parking at [car park] expires in 15 minutes. Pay now to extend your session: [fake link]. Failure to pay may result in a [amount] fine.
Important: the parking machine at this bay is temporarily out of service. Please pay via QR code: [fake link]. Thank you for your patience.
Hi, we noticed your vehicle is parked at [location]. To avoid a [amount] fine, please complete payment of [amount] at: [fake link]
What the scammer wants
To capture full card details — number, expiry, CVV, and billing postcode — on a realistic-looking fake parking payment page, using the urgency of an imminent fine as motivation.
Red flags in the message
- QR code sticker applied over the original on a parking machine or meter
- Payment page does not match the official car park operator's domain
- Unsolicited text about a parking session you may not have started
- Page asks for card details rather than redirecting to a known payment provider
- No printed receipt option or official branding on the payment page
A safe response
Check the QR code sticker carefully — if it is peeling, misaligned, or covers existing markings, do not scan it. Use the official parking app or a machine to pay, or call the car park operator's number on the signs.
What not to send
- Card details including CVV on an unverified page
- Billing address or postcode
- Any payment via a QR code of uncertain origin
What to do if you already replied
- Contact your bank immediately if card details were entered
- Report the fake QR code to the car park operator and local authorities
- Monitor your statement for unexpected charges
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times
Frequently asked questions
I got a text about a parking fine right after I parked — is that normal?
Legitimate parking notices are rarely sent as an unsolicited text moments after you park, especially with an immediate payment link; genuine fines and charges typically arrive by post or through the official parking app. Treat such texts with suspicion and check your parking status directly through the operator.
The payment page looked exactly like the real parking company's website — how can I tell it's fake?
Check the web address carefully for misspellings or unusual domain endings, since scam pages are often near-identical copies hosted on a different, subtly altered URL. If the page came from a text or a QR code rather than the operator's official app or a direct search, treat it as suspect.
I entered my card details on the fake page — what should I do immediately?
Contact your card issuer right away to report possible fraud and consider requesting a replacement card, since acting quickly limits how much a scammer can do with your details. Monitor your statement closely for unfamiliar charges over the following weeks.
How do I safely pay for parking to avoid this in the future?
Use the parking operator's official app downloaded from a legitimate app store, or type the operator's known website address directly into your browser, rather than scanning random QR codes or clicking links from unsolicited texts.