MEDIUM phishing
Is “quishing” a scam?
Yes — this matches a known scam pattern.
Scammers paste fake QR codes over real ones on parking meters, EV chargers, restaurant menus, and shipping labels. Scanning the fake code opens a convincing payment page that steals your card details — or installs a malicious app prompt.
How to tell
- ⚠ The QR code is a sticker pasted over another (often look closely — you'll see the edge)
- ⚠ The page after scanning asks for credit card details, account login, or to download an app
- ⚠ URL after scan is unusual ('paypaay.com', 'parkin-pay.io', shortlinks)
- ⚠ Page does not match the merchant's known brand
What to do right now
- 1 Look at the QR code before scanning. If it's a sticker on top of another sticker or label, do not scan
- 2 When the URL appears, check it against the merchant's known domain BEFORE entering anything
- 3 For parking: use the city's official app (Park Mobile, MeterUp, etc.) installed beforehand — not a QR code on the meter
- 4 If you entered card info on a fake page, dispute the charges with your card issuer and replace the card
- 5 Report to the FTC at https://reportfraud.ftc.gov and the FBI's IC3 at https://www.ic3.gov.
Full guidance, red flags, variants & official sources
A QR code sticker on a parking meter or menu sends you to a phishing site →