Organised crime gangs are behind a sharp rise in scams linked to fraudulent QR codes, experts say.
The national fraud reporting centre Action Fraud received 1,386 reports of people being targeted last year, compared with 100 in 2019.
Contactless payment hotspots – like parking meters and restaurant menus – are common targets of criminals who stick their own QR codes on signage.
Katherine Hart, lead officer at the Chartered Trading Standards Institute, said: "We've seen huge amounts lost this way. People have seen their life savings gone and that money is going to finance criminals."
She said quishing was significantly under-reported and presented a "huge challenge" to authorities globally.
'Hierarchy of criminals'
Fraudulent and misleading codes have also been spotted on parcels, in emails and on television.
People who scan them using mobile phones and other electronic devices are directed to websites controlled by the scammers and tricked into handing over data such as bank details.
Ms Hart said some of those placing the codes were likely to be at the bottom of a hierarchy of organised criminals and may not be aware of the implications of their actions.
Action Fraud statistics obtained by the BBC's Shared Data Unit suggest a rapid growth in this kind of scam, with recorded incidents more than doubling in the UK between 2023 and 2024.
Over the past five years, Action Fraud received almost 3,000 reports in total, with a fifth of those linked to the Metropolitan Police force area.
Milton Haworth used his mobile phone to scan a QR code at a council-run car park in Castleford, West Yorkshire.
It directed him to download an unauthorised app, from which he agreed a 90p fee to verify bank details.
But instead of paying to park, he found himself signed up to a subscription service with a £39 yearly fee and no refunds offered.
"I'd assumed I'd paid for my parking but realised it was a scam when I noticed the next day that £39 had gone out of my account," he said.
"The sign said to use the code to park and I hadn't ever heard of QR codes being used as a scam."
Mr Haworth blames the spike in cases on authorities "not taking this seriously enough".
He said: "Nobody seems to care, there doesn't seem to be anyone trying to find these people.
"It's incumbent on the authorities to go after them but I don't think they do because it's small amounts taken, not multimillions.
"But if it's £39 a month, what if there's a million people being duped?"
'Stay vigilant'
Ms Hart said victims often lost small amounts initially as those responsible gathered the data they needed to launch a "secondary scam".
"You might lose £2.99 and a lot of people won't report that and don't realise they've passed on their information to a criminal organisation," Ms Hart said.
"Days or weeks later, they get a call telling them they've been the victim of a fraud and they can pinpoint a day, because they already have all of the information you shared with them earlier.
"They convince you using very coercive tactics that they're from your bank, police or Trading Standards and they want to take everything you've got."
Experts including the National Crime Agency and the National Cyber Security Centre say it is vital that people "stay vigilant to cyber criminals".
Kirsty Blackman, Scottish National Party MP for Aberdeen North, spoke to the BBC after removing fake QR codes from parking machines in the city.
She said tackling the problem was "genuinely difficult", adding: "Organised criminals are there to make money in whatever way they can and I think they'll scam people whatever we do. It's about trying to whack the moles as they pop up."
She said the more victims filed reports with Action Fraud, the better police could take action.
"QR codes can be really useful," she said. "My kids' school sends them out regularly to share information, for example. That's why it's difficult for people to tell the difference between a legitimate code and a fake one.
"When you're scanning a code to pay for something, that's when you really need to stop and think."
