It’s seemingly everywhere you look - stories about scamming and how scammers are using more sophisticated methods to try to con you.

You may remember the recent reports of fake QR codes being stuck to parking machines in council-owned car parks in Gloucestershire. However, this is merely one facet of a much larger problem.

The BBC found the number of scams linked to QR codes has soared more than tenfold across the UK in the last five years. Thousands of people across the country have been scammed using QR codes, compromising their personal information and losing money.

But what on Earth is going on? Why is there such a rise in this type of crime? What can you do to protect yourself - and what exactly is a ‘QR code’ anyway?

We’ll answer these questions and more as we answer - QR code scams: What’s going on?

Before we continue, it’s best to explain what a QR code is. ‘QR’ stands for ‘quick response’. The codes are square-shaped, with black and white pixels, which can store information in a grid-like pattern.

Originally, the codes were created by a Toyota subsidiary company, Denso Wave, as a way to keep track of types and numbers of car parts. However, while this application of QR codes is highly practical - its use changed drastically over time.

Nowadays, using devices such as smartphones, your camera can detect the codes to quickly redirect you to applications (known as apps), websites, a location using your maps and much more.

QR codes can store all kinds of information, including text, contact details, maps - and crucially - URLs, which put simply is a link to a website. Of course, when used honestly, these codes make things like learning, shopping and exploring much easier - the problem comes when someone uses the technology nefariously.

Generally QR codes are safe, but they can be used to redirect users to malicious websites, so it's important to be cautious when scanning codes from unknown sources.

This might sound fairly simple, and you may be wondering how some people are getting away with scamming residents in this way. This is when we come onto a scam known as ‘quishing’.

When it comes to using QR codes, we’ve already learned you’ll generally be safe if you trust the source and remain cautious - but what if you trust the source, keep cautious and still get scammed?

There is a cybercrime tactic known as ‘quishing’. Quishing scams usually see misleading QR codes created by criminals placed where contactless payments are common, like on parking meters or restaurant menus. They have also been found on letters, packages, in emails and on television.

In Gloucestershire, the codes were printed onto stickers and placed onto parking machines - which residents and tourists alike use everyday without issue.

When the code was scanned using a smartphone, it directed the user to what appeared to be a legitimate website. Gloucestershire County Council learned from residents that suspicious codes were directing users to a website called ‘byphoneparking.info’.

This is just one example of how quishing can take your money. As we know, malicious codes can redirect users to fraudulent websites or applications, and can be used to extract sensitive data.

Katherine Hart, Lead Officer at the Chartered Trading Standards Institute, believes quishing is significantly underreported and is presenting a huge challenge to authorities globally - and thinks organised crime gangs are behind the rise across the country.

Katherine said: “We’ve seen huge amounts of money lost this way, people have seen their life savings gone and that money is going to finance criminals.”

“Parking meters were just the start, we’re now seeing QR codes posted everywhere, from within emails to texts and through the post.

“They take you to a platform that’s designed to take your details, where the criminal can scam you on the spot and take your money, or data harvest to use your details later down the line, which is a worrying thing.”

Action Fraud data shows nearly 3,000 reports linked to QR codes were referred to the national fraud reporting centre between 2019 and 2024.

In 2024, 1,386 reports were logged - more than double the 653 in 2023 and much higher than 100 reported in 2019.

Locally, Gloucestershire Constabulary logged 23 reports of QR code scams since 2019. Of course, this does not take into account unreported scams.

Katherine Hart highlighted this point, and said the true scale of the problem is far higher as many do not report being targeted, perhaps due to embarrassment or being unsure how to report what’s happened.

Often too, victims lose small amounts of money to begin with, and this helps those responsible gather data they need to launch a secondary scam.

Katherine said: “You might lose £2.99 and a lot of people won’t report that and don’t realise they’ve passed on their information to a criminal organisation,” Ms Hart said.

“Invariably, days or weeks later they’ll get a call telling them they’ve been the victim of a fraud and they can pinpoint a day, because they already have all of this information you’ve shared with them earlier.

“They convince you using very coercive tactics that they’re from your bank, police or Trading Standards and they want access to your bank account to take everything you’ve got.”

The recurring issue has caused NCP to consider its options. A spokesman for National Car Parks (NCP) said: “NCP is very vigilant to the threat of fraudulent QR codes which could affect our customers and our business. We have made sure that we have a rigorous process in place which works to try to prevent anyone being able to compromise our use of QR codes. “

There’s no clear reason for why there is a rise of QR code scams. Some theorise that it could be down to a reliance on the use of contact-free technology since the pandemic, whereas others believe it is simply too easy for scammers to do.

A cybersecurity expert based in Monmouthshire, who wished to remain anonymous, said: “I would say these scams are rising in popularity because they’re easy to produce and it’s very clandestine. Scammers can market it the way they want, and people have grown to inherently trust QR codes.

“If you can make them look good enough, or make them look convincing enough, they’re easier to make money from than phishing emails. It’s an adaptation from a technology that the general public doesn’t truly understand. If you asked someone ‘how exactly does a QR code work?’, they wouldn’t be able to tell you - but telling them to ‘scan this’ will work.

“In a nutshell, they’re easy to produce and hard to protect against. You don’t know they’re malicious until you’ve scanned it, and then it’s probably too late.”

It can be frightening to think your personal details can be compromised and your money can simply disappear without your consent, and all it takes is one mistake. However, there are ways to protect yourself.

Prevention is the best way to stay safe and vigilance is key. Experts including Action Fraud and the National Cyber Security Centre say it is vital everyone stays vigilant to the threat of cyber criminals.

A spokesman for the National Cyber Security Centre said: "With more businesses using QR codes to direct people online, it is vital everyone stays vigilant to cyber criminals who might try to exploit this.

"When directed to a website by a QR code - especially in open spaces like stations or car parks - it is important to take care to ensure that it is genuine, and be cautious if you're asked to provide excessive personal information.

"By staying alert online and following practical steps available on the Stop! Think Fraud website, individuals can help protect themselves from falling victim to cyber crime."

It’s also important to remember that you’re not alone. Many people have been scammed in one way or another in their lifetime. Experts explained that while sometimes it can be embarrassing to ask for help or admit to being scammed, it’s critical that you speak up.

Wayne Stevens, National Fraud Lead at Victim Support, said: “There is a lot of embarrassment, shame and stigma associated with cyber fraud, but it is vital that victims do not blame themselves. If you have been impacted, contact Victim Support for free, confidential support.”

If you think you may have fallen victim to a QR code scam, it’s important that you contact your bank immediately - the number for the fraud team is usually on the back of your card. If you feel more comfortable speaking to someone in person, your bank should be able to help you in branch.

A Gloucestershire County Council spokesperson said: "If you spot a QR code that looks oddly printed or seems randomly stuck onto a machine, don’t scan it - report it to us immediately.”

QR codes can be handy at times, but with a recent rise of QR code scams locally and across the country, it’s probably best to avoid using them - especially if you do not trust or recognise the source.

Remain vigilant when it comes to QR codes, and if there are alternative ways to conduct a transaction, then consider it. For example, if you can pay cash for parking.

Remember to keep an eye on your bank account and report anything you don’t recognise. Above all, if you get in trouble and think you may have been scammed - speak up and contact the authorities including your bank and the police by calling 101.

Install the latest software and app updates

Software and app updates contain vital security updates to help protect your devices from cyber criminals.

Turn on 2-step verification (2SV)

2-step verification is recommended to help protect your online accounts.

Password managers: how they help you secure passwords

Using a password manager can help you create and remember passwords.

Back up your data

Safeguard your most important data, such as your photos and key documents, by backing them up to an external hard drive or a cloud-based storage system.

Three random words

Use three random words to create a password that's difficult to crack.