Quishing at EV Charging Station: Fake QR Code Redirects to Phishing Site
A fake QR code sticker was discovered on a public EV charging station in Schwabenheim, Germany. A driver was redirected to a fraudulent website – criminals attempted to charge his credit card.
What Happened?
On March 9, 2026, a man tried to charge his electric vehicle at a public charging station on the market square in Schwabenheim an der Selz (Rhineland-Palatinate, Germany). The station had a sticker with a QR code that appeared to be from energy provider 'RWE'.
The victim didn't initially notice that the charging station was actually operated by 'EWR' – not RWE. After scanning the QR code, he was redirected not to the legitimate operator's website, but to a fraudulent phishing page.
The fraudsters subsequently attempted to charge the man's credit card without authorization. Fortunately, the payment was not approved – the victim suffered no financial damage. Mainz police are investigating.
How the Charging Station Scam Works
- Criminals stick fake QR code stickers over the original QR codes on public EV charging stations
- The fake sticker bears a well-known brand name (here: RWE instead of the actual operator EWR)
- When scanned, the user is redirected to a deceptively authentic phishing website
- The fake page requests credit card data or payment information
- With the stolen data, the criminals immediately attempt unauthorized transactions
Warning Signs: How to Spot Fake QR Codes at Charging Stations
Sticker Over Original
Check if the QR code is a sticker placed over another code. Feel the surface – stickers often have raised edges.
Wrong Provider
Does the name on the QR code match the actual operator of the charging station? In the Schwabenheim case, 'RWE' was on the fake sticker, but the real operator was 'EWR'.
Suspicious URL After Scanning
Check the URL in the address bar after scanning. Official charging apps and websites have well-known domains.
Immediate Credit Card Request
Legitimate charging providers don't request direct credit card input via QR codes. Use the provider's official app instead.
Why EV Charging Stations Are a Popular Target
EV charging stations are located in public places, often unmonitored, with QR codes for payment clearly visible. Users are accustomed to scanning QR codes for charging – making them an ideal target for quishing. Cases are increasing nationwide at parking meters, charging stations, and public facilities.
How to Protect Yourself When Charging
- • Preferably use the charging operator's official app instead of QR codes
- • Check if the QR code is an additional sticker – carefully scratch at the edge
- • Compare the provider name on the QR code with the name on the charging station itself
- • Verify the URL after scanning – never enter payment data on unknown sites
- • Report suspicious QR codes to the charging station operator and police
QRTrust: Safe Charging with Verified QR Codes
Scan suspicious QR codes at charging stations, parking meters, or public facilities with QRTrust before entering your payment data. Our 6-layer security analysis detects phishing URLs in real-time.
QRTrust checks against over 1 million known phishing URLs and uses AI-powered pattern recognition. 100% GDPR compliant, hosted in Germany.
Check QR Codes Securely Now →*About QRTrust: QRTrust is Germany's first QR code security platform, developed in Dortmund. With AI-powered real-time detection, QRTrust protects citizens and businesses from quishing attacks. 100% GDPR compliant, hosted in Germany.*