A new parking scam is

costing Manchester drivers thousands

Quishing may not be a word you’ve heard before, but it’s rapidly becoming a big problem. Basically, it’s the name of a new parking scam that’s catching out thousands of drivers in cities across the UK, including right here in the North West. I first had reports of my breakdown recovery customers spotting it in both Manchester and Stockport, and since then it’s popped up in other surrounding areas like Bolton, Altrincham, and Sale (just to name a few). That means if you’re based in the North West yourself, there’s a good chance that cases of it

may pop up relatively close to home.

 

So that leads us nicely on to the big questions: what exactly is quishing, and how can you avoid getting caught out?

Quishing Parking Scam Manchester

What is quishing

Quishing is basically a new form of phishing attack that uses QR codes to trick people into handing over sensitive information or making payments to fraudsters. (The word itself is a portmanteau of “QR” and “phishing”.) It’s particularly effective because QR codes have become part of everyday life, especially since the pandemic. Most of us are used to scanning them to pay for parking, access menus, or download apps—and that familiarity is exactly what scammers are exploiting.

 

Here’s how it works: a scammer places a fake QR code over an official one (often with a realistic-looking sticker or flyer) at pay-and-display machines or on signage in public car parks. Unsuspecting drivers scan the code, expecting to pay for parking. Instead, they’re taken to a fraudulent website, or prompted to download a malicious app. From there, it’s easy for scammers to collect personal information or banking credentials or even sign the user up to a fake subscription to extract the maximum amount of revenue from them over a longer period.


The scale of the issue

A recent BBC investigation found that Action Fraud received 1,386 reports of QR-related scams in 2024 alone, a massive increase compared to just 100 incidents in 2019. What’s even more worrying is that the figures are likely to be a fraction of the true number, as many victims don’t realise they’ve been scammed, or simply never report it. In fact, nearly 3,000 incidents have been recorded over the last five years, with a significant number centred in large urban areas like London, and yes, Manchester.

 

One victim, Milton Haworth, scanned a QR code at a council car park in Castleford. He thought he was paying 90p to park, but later discovered a £39 charge for a bogus annual subscription. Like many others, he didn’t realise the code was fake until the money had already left his account. And when he deleted the app, the money was not refunded.

Why is it becoming such a common problem?

The main reason why this is becoming such an issue is because of how incredibly low-effort it is for scammers to carry it out. All it takes is a cheap printed sticker and a busy location. QR code stickers are easy to make, hard to trace, and take seconds to apply—especially when placed over legitimate codes on existing signage or machines. Plus, the con can be repeated across multiple locations, creating a wide net with minimal risk of detection.

 

Car parks are especially appealing targets. They tend to be places where people are in a hurry, juggling bags, passengers, or errands. In those situations, there

are lots of people who won’t think twice about scanning a code and making a quick payment. Plus, with the rise of contactless, cashless transactions, many

people don’t carry coins anymore. So if the QR code is the only visible method of payment, drivers can feel pressured into using it—without pausing to double-check where it’s taking them.

 

I also think it’s worth addressing this fact here: let’s be honest, pretty much all of us think that we won’t be the ones to get caught out—but that attitude in itself can end up making us easy targets, as it can be easy to get lulled into a sense of our own infallibility, which can weirdly make us more likely to make mistakes. There’s also the fact that even if only one in a hundred people fall for it, that’s enough to make it profitable—especially if they’re working multiple locations around Manchester, Stockport or Salford.

How can you avoid getting caught out?

In brief: 

  • Always inspect QR codes before scanning—look out for stickers or signs of tampering
  • Stick to official payment methods—that means cash, contactless terminals, or verified apps
  • Keep your devices secure and up to date—always install the latest security patches
  • Avoid scanning codes that feel out of place—trust your instincts!
  • Use antivirus protection on your phone—it can help spot suspicious sites
  • Report suspicious activity immediately—contact your bank and Action Fraud

In detail:

Start by treating any QR code with a healthy dose of skepticism, especially in public spaces. If it’s a sticker or it looks like it’s been placed over another sign, don’t scan it. Also, check for anything out of place—misaligned graphics, different branding, or signs of tampering.

 

I’d also strongly advise making sure that your smartphone and any payment apps are always running the latest software. Most scammers rely on outdated security to exploit weaknesses, so keeping everything updated adds a strong layer of defence. You may want to consider installing mobile antivirus apps too—they often scan websites in real time and can alert you to potential threats before you enter any information. And obviously, be very wary of being railroaded into

downloading unfamiliar apps you’ve never heard of.

 

Where possible, it’s always best to stick to cash or use card machines directly rather than scanning a QR code. Most legitimate car parks still provide physical payment options (and if they don’t, that’s worth complaining about!). If the machine appears to be QR-only, check for a printed phone number or website address instead—you can always double-check it later.

 

Finally, if you do accidentally scan a dodgy code and suspect you’ve been targeted, act quickly. Contact your bank, report it to Action Fraud, and monitor your account for unusual activity. Even small, seemingly harmless transactions like £2.99 can be a sign that scammers are testing your details before launching a bigger attack.

 

 

Perhaps the most important piece of advice I can give you is this: trust your gut. If something looks off or feels wrong, it probably is. Most legitimate car parks

should give you a decent window of time to pay, often for exactly this sort of reason—so that motorists can do their due diligence. On the other hand, if they are one of the more predatory companies (which sadly do exist) who don’t appear to give you sufficient time… well, to be honest, at that stage it might be simpler all

round to find another place to park.