Beware Of New QR Scams Costing £10,000 A Day!

In recent years, QR codes have become an indispensable part of daily life and are increasingly common across the UK.  

Whether ordering drinks in a bar or paying for parking, a quick scan can complete the transaction within seconds.

However, what many people don’t realise is that this seemingly convenient little square has quietly become a new weapon for fraudsters. 

According to British media reports, in just one year this new type of scam has cost consumers more than £3.5 million.

The rise of QR scams

This form of scam, which relies on scanning QR codes, is known as ‘QR phishing’ or ‘quishing’.

As the name suggests, the ‘Q’ refers to QR codes that, when scanned with a smartphone camera, can instantly link to websites, apps, payment pages or digital files. 

Fraudsters then use these links in emails, text messages or phone calls to carry out phishing attacks, tricking victims into revealing passwords, credit card numbers or bank details, or even downloading malicious software onto their phones.

According to Action Fraud, between April 2024 and April 2025, there were 784 reports of QR phishing incidents, resulting in total losses of nearly £3.5 million — an average of more than two cases a day and daily losses of around £10,000.

Yet experts warn that this is likely just the tip of the iceberg. 

Where does QR phishing usually occur?

According to Action Fraud, car parks are among fraudsters’ favourite “fishing grounds”.

Criminals place fake payment QR codes over the genuine ones on pay machines.

Information obtained by The Bureau of Investigative Journalism (TBIJ) revealed that out of 373 local authorities, one in three reported such incidents in their car parks over the past year.

Parking-related QR scams not only expose drivers’ personal and financial information but can also lead to unpaid parking fees — meaning victims lose money and still receive fines.

Case study

A 71-year-old woman scanned a fake QR code at Thornaby railway station car park.

Fraudsters used her personal details to set up online banking, change her registered address and take out a £7,500 loan in her name. She was later blacklisted and unable to access her own accounts.

How to protect yourself from QR phishing

Unlike the suspicious links in traditional phishing emails, QR scams are harder to spot because of where and how the codes appear. 

To stay safe, follow these tips:

1. Pause before you scan

Scams often work when you’re distracted or in a hurry. If you’re unsure about a QR code, don’t scan it — go directly to the company’s official website or app instead. A few extra seconds could save you a lot of trouble.

2. Use your phone’s built-in scanner

Avoid third-party scanning apps, which tend to be less secure and more easily exploited.

3. Watch out for tampered QR codes

In public areas, check whether a code looks like it’s been covered or altered — if it does, don’t scan it.

4. Go directly to official sources

When making payments, it’s safest to use the company’s website or official app.

5. Check the web address

After scanning, verify that the link is legitimate before entering any login or payment information.

6. Install security software

Adding an extra layer of protection on your phone can help block malicious links and apps.

Fraud cases reach record levels

Despite regular public warnings, scam cases continue to rise year after year.

According to Cifas’ Fraudscape 2025 report, there were 421,000 recorded fraud cases in the UK last year — the highest on record.  Even the Financial Conduct Authority (FCA) has been impersonated by scammers.

In the first half of 2025 alone, 4,465 reports involved criminals posing as the FCA, with 480 victims losing money. 

These scams often exploit public trust in official organisations, claiming they can recover losses, but their real goal is to steal money or personal information.

Some advice from TB Accountants

QR codes and digital services have made everyday life and business more convenient, but they also bring new security challenges. 

Fraud now poses a risk not just to individual consumers but also to businesses and professional organisations.

For companies, frequent financial transactions and sensitive data exchanges mean that even one careless scan of a fake QR code by an employee or client could lead to data breaches, financial loss or compliance issues. 

Fraudsters may impersonate clients or suppliers to request fake payments, exposing firms to further risks under data protection and anti-money laundering (AML) regulations.

Whether you’re an individual or a business, the key to managing risk is awareness and prevention.

Staying alert to new scams and acting cautiously are the best ways to protect your finances and data.

Why TB Accountants?

• Professional Assurance: Our team includes ACA members and ACCA-certified professionals, delivering services to the highest industry standards.

• Responsive Service: We respond to your inquiries within 24 hours, ensuring efficient communication across time zones.

• Multilingual Support: Services available in English, Mandarin, Cantonese, Japanese, French, German, Spanish, Italian, Turkish, and more.

• Trusted by Clients Worldwide: Consistently praised by global clients for proactive, professional, and reliable accounting and tax support.

For individuals and businesses looking for UK taxation services, use our contact form to get in touch for more information.

Get in touch with us at info@tbagroup.uk or for a free one-to-one consultation. 

This article is intended as general guidance only, and does not replace any legal or professional advice.  For enquiries, please contact TBA Group via email or WhatsApp.