Organised gangs behind rise in QR 'quishing' scams

  • Can we stop making new -ishing words for scams? This weird lingo is part of what turns the less savvy users off from paying much attention to their personal security. Just say a [type of] scam such as "a QR code scam" or "text message scams," etc.

    We do not need to coin a new term for each one of these things and nobody is winning any prizes for adding more layers of abstraction to fight through when trying to communicate security concepts to the people who really need to listen to it.

  • The parking garage one can be really insidious. The parking apps where I live in Canada have a terrible design; you absolutely cannot start a parking session without an account that requires you to input name, address, phone number, and then the app itself has other technical glitches that genuinely made me wonder if I had been scammed.

    What makes it doubly so is that the parking companies have been removing the parking machine terminals in some locations. The Royal BC Museum in Victoria BC comes to mind last time I was there. I'd be surprised if someone hasn't at least tried a QR code scam on it by now.

  • Having lived in China for five years and seeing how it is done there (literally everywhere), I see this as a payment problem. There is no sensible, low cost payment infrastructure to support this safely. Instead most of the west has a fractured app ecosystem where each app ‘does payment’ rather than via a set of trusted payment apps that do the security up front and then passes to the provider. For example, in the article the photos show an anonymous QR code you’d scan with your camera, rather than in China where you’d use Alipay or WeChat, whose app you’d use to scan the QR. When I returned from China, it took a while to readjust to the heightened (and often expensive) friction of payments. Not saying scams don’t exist in China, just that the payment provider gives some guarantees on the veracity of the claim made by the QR code.

  • The government saw the basic problem in 2019 - a fragmented market with over 30 different parking apps - and funded a pilot to create a single unified parking payment platform. Unfortunately, the new government isn't interested in supporting the project further.

    https://npp.org.uk/

    https://www.theguardian.com/money/2025/feb/22/uk-wide-parkin...

  • How do you protect yourself from this? Treat public QR codes like "free" USB drives – don't use them?

  • Was wondering why such scams are not a thing in India (yet?), and realized there is always a person next to the QR to verify the payment. So such QR quishing scams are much harder to pull off.

    [Not saying there are no scams in India. Just that QRs for payments are very popular here as well, and scammers are smart and active, so was wondering why not]

  • Why not a short URL where one can at least read the domain name and see if it looks reasonable before progressing with whatever the task ($£kr) is?

  • Hey, guys, I have this crazy idea.

    How about we have people give small bits of paper to other people to pay for things? Or maybe even wave small cards of plastic in front of things that can read them? Maybe how about not using my fucking phone for every goddamn thing?

    Crazy, right? KTHXBYE.