QR Code Scams Surge in Surrey

A 667% Rise Since 2019 as Criminals Target Public Spaces.

QR code-related scams in Surrey have surged by more than sixfold since 2019, new figures reveal — mirroring a dramatic national increase that experts say is the work of organised crime groups exploiting new technology to defraud the public.

According to Action Fraud data analysed by the BBC Shared Data Unit, the number of scams linked to QR codes in the Surrey Police area rose from just three in 2019 to 23 in 2024. In total, 54 reports have been recorded over the five-year period.

The technique, known as quishing, typically involves fraudsters placing fake QR codes — often stickers — over legitimate ones on parking meters, menus, or public signage. Unsuspecting users are redirected to malicious websites where personal data and payment details can be harvested.

Nationally, nearly 3,000 QR scams were reported between 2019 and 2024, with 1,386 cases reported in 2024 alone — up from 100 in 2019. In Surrey, the jump from 3 cases in 2021 to 11 in 2022 and 23 in 2024 marks a particularly sharp local escalation.

“Life savings lost”

Katherine Hart of the Chartered Trading Standards Institute warned the problem is vastly underreported. “People might only lose £2.99 initially and not realise they’ve passed their data to a criminal organisation,” she said. “But days or weeks later, they receive a call from someone pretending to be their bank or the police. These criminals already have your personal details and use them to wipe out your bank account.”

Hart described quishing as a “huge challenge” for global enforcement, with many scams tied to serious and organised crime. “We’ve seen huge amounts of money lost this way. People have seen their life savings gone — and that money is going to finance criminals,” she added.

Surrey councils and police urged to act

Local councils across the UK — including nearby Guildford — have issued public warnings, and experts are urging Surrey authorities to follow suit, especially given the rising number of incidents. The National Cyber Security Centre (NCSC) warned that QR codes in open spaces, such as car parks and train stations, pose a particular risk.

A spokesperson for the NCSC said: “When directed to a website by a QR code, take care to ensure it is genuine, and be cautious if you’re asked to provide excessive personal information.”

Detective Superintendent Gary Miles, head of the National Fraud Intelligence Bureau, urged the public to “stop and check” before scanning QR codes. “If the QR code looks tampered with or takes you to a site that doesn’t feel right, don’t share personal or financial information. Leave the website immediately,” he said.

Victims speak out

Cases nationwide have involved parking scams, fake menus, and bogus delivery notices. In one instance, a woman in Thornaby lost £13,000 after scanning a code at a railway station. Other victims have lost hundreds of pounds at seafront car parks or fallen for codes found on leaflets and packaging.

National Car Parks (NCP) has responded by increasing daily checks of QR codes on its machines and is considering removing some payment-linked QR codes altogether to reduce risk.

What can you do?

• Inspect QR codes before scanning. Look for stickers, tampering, or signs of damage.
• Be sceptical of QR codes in public spaces or unfamiliar emails/texts.
• Avoid entering financial details after scanning a QR code unless you are certain the site is legitimate.
• Report suspicious activity to your bank and Action Fraud at actionfraud.police.uk or call 0300 123 2040.

Wayne Stevens, National Fraud Lead at Victim Support, reminded the public: “There is a lot of embarrassment and shame around cyber fraud, but it is vital victims don’t blame themselves. If you’ve been impacted, contact Victim Support for free, confidential help.”

As QR codes become a mainstay in everyday life, vigilance in Surrey and beyond is now essential. What was once a convenient shortcut can, in the wrong hands, become a costly trap.