Fraudsters place fake QR codes over legitimate ones to steal payment information.

Police departments across major US cities are issuing warnings about a new "quishing" scam targeting QR codes in public places. Criminals place counterfeit QR code stickers over legitimate codes at parking meters, restaurant menus, EV charging stations, and even public transit ticket machines. When scanned, victims are directed to convincing phishing sites that steal credit card information, banking credentials, and personal data. Cities including Austin, San Antonio, Houston, Chicago, and San Francisco have reported hundreds of compromised parking meters. The FTC advises: always preview the URL before opening any QR code link, look for physical signs of tampering such as stickers placed over other stickers, and when in doubt, manually type known website addresses instead of scanning.