You pull into downtown Las Vegas, excited for a night exploring Fremont Street. The parking meter shows a convenient QR code. You scan it with your phone, enter your payment details, and head off to enjoy your evening. Simple, right?
Here’s the thing: that code you just scanned might not be legitimate. While you’re thinking you’ve paid for parking, criminals could be draining your bank account. This isn’t some hypothetical threat either. It’s happening right now across American cities, including Las Vegas, and the scam is disturbingly simple to pull off.
What Exactly Is Quishing
Quishing is short for QR phishing, where scammers use QR codes to send people to fake websites that steal personal information. Think of it like those email phishing scams your grandmother always warned you about, except way sneakier. The problem is you can’t preview where a QR code will take you before scanning it, unlike a sketchy link in an email where you can at least hover over it first.
Tom Arnold, a cybersecurity expert who lectures on digital forensics and incident response at the University of Nevada, Las Vegas, points out that people have become so comfortable with QR codes that they barely think twice before scanning them. We’ve all done it at restaurants, events, and yes, parking meters. That trust is exactly what criminals are exploiting.
The Sticker Trick That’s Fooling Drivers
The scam itself is almost embarrassingly simple. There are reports of scammers covering up QR codes on parking meters with a QR code of their own, according to warnings issued by the Federal Trade Commission. Criminals print fake QR code stickers, walk up to parking meters in busy areas, and just paste them right over the legitimate codes. That’s it.
When you scan the fake code, it directs you to a fraudulent website designed to mimic an official payment portal, and instead of paying for your parking spot, you may end up handing your credit card details and personal data directly to criminals. The fake sites look incredibly convincing. They’ve got official-looking logos, professional layouts, everything you’d expect from a real parking payment page.
How Las Vegas Is On The Radar
The Federal Trade Commission recently issued a warning about fake QR codes appearing on package labels, parking meters, and payment notices. Las Vegas locals are taking notice. Cybersecurity experts say scammers are exploiting the public’s trust in QR codes to steal money and personal information through a scam known as quishing.
While large-scale incidents haven’t been widely reported specifically in downtown Las Vegas yet, a new QR code parking scam has been rising across Southern California, and Las Vegas could possibly be hit next. Given how many tourists and locals use parking meters around Fremont Street and downtown garages that feature QR payment options, the vulnerability is real.
California Cities Getting Hit Hard
California has become ground zero for these parking scams. In Redondo Beach, the city found fake QR codes stuck to about 150 parking meters along the Esplanade and Riviera Village area, glued next to the legitimate ParkMobile and PayByPhone labels. That’s not a handful of meters. That’s a coordinated criminal operation.
Fort Lauderdale officials warned locals and visitors about a parking payment scam involving fake QR code stickers on some city parking meters, with counterfeit stickers displaying a legitimate mobile app logo and directing users to fraudulent websites that attempt to steal their banking details. One victim in San Clemente scanned what looked like a legitimate code, entered his credit card information, and within two minutes his wife’s credit card company was calling about unauthorized charges.
The Massive Scale Of The Problem
QR code scams surged dramatically in 2025, with 26 percent of all malicious links now sent via QR code, and a staggering 73 percent of Americans scan QR codes without verification. Let’s be real: most of us are part of that 73 percent. When you’re rushing to park your car and get to dinner, who’s carefully inspecting a QR code for signs of tampering?
People lost around $1,225 each from QR code phishing scam hits in 2025. That’s not pocket change for most folks. The FBI Crime Report Center experienced an increase in crime complaints related to QR code phishing scams with rapid advancement between 2023 and 2025.
Why QR Codes Make Perfect Scam Tools
Here’s what makes QR code scams so effective: they hide everything. Quishing hides the bad link in the square, so nothing looks wrong at first, and it is harder because there is no sender name to doubt and no link to check. You’re essentially scanning a mystery box and hoping for the best.
It’s potent because scans happen on mobile, outside email defenses, and URLs are harder to inspect. Your phone’s security features and email filters that might catch a phishing attempt? They’re completely bypassed when you voluntarily scan a code with your camera. Thieves can use QR codes to send you to a website that’s phony, that installs malware on your device, or they’re trying to steal your information and make you think that you’re on a real website.
Red Flags To Watch For
Look closely at the QR code: is it part of the meter or sign, or a sticker placed on top, and if it looks out of place, don’t scan it. Honestly, this is your first and best defense. Legitimate QR codes are usually printed directly onto signs or built into the parking meter itself. If you see a sticker, especially one that looks slightly misaligned or has edges peeling up, that’s your warning sign.
If you see a QR code in an unexpected place, inspect the URL before you open it, and if it looks like a URL you recognize, make sure it’s not spoofed – look for misspellings or a switched letter. Check the website address carefully before entering anything. Is it “PayByPhone” or “PoyByPhone”? Scammers count on you being in a hurry and not noticing small differences.
How To Protect Yourself
Whenever possible download the official parking app for your city or provider directly from the Apple App Store or Google Play Store, and pay through the app rather than scanning codes on street signs. This is the single best protection. Apps like ParkMobile and PayByPhone are legitimate and secure when downloaded from official sources.
If you must use a QR code at a parking meter, slow down. If you see a QR code pasted on top of another, ask an employee about it, as the restaurant or retailer may have just updated their QR code, but it could also be a malicious code. Better yet, just pay at the meter directly with your card if that option exists.
What To Do If You’ve Been Scammed
Contact your bank or credit card company to report the fraudulent charge, request cancellation of the card if needed, watch for any further unauthorized transactions, and file a complaint at ReportFraud.ftc.gov where the FTC monitors and investigates scams like these. Time matters here. The faster you act, the better chance you have of limiting the damage.
If there is a cybercrime component like a phishing website or identity theft, you can report it to the FBI’s Internet Crime Complaint Center at ic3.gov. Monitor your bank statements obsessively for the next few weeks. Small charges you don’t recognize could be criminals testing whether your card still works before they make bigger purchases. Also, let the parking authority know about the fake code so they can remove it before more people fall victim.
The convenience of QR codes has made our lives easier in so many ways. Sadly, it’s also opened up a new avenue for criminals to exploit our trust. Next time you’re parking downtown in Vegas, take an extra ten seconds to look at that QR code before you scan. Your bank account will thank you. What would you do if you discovered you’d been scammed this way? Share your thoughts below.
