Flyer Behind Your Wiper? Poland Warns of New 'Tax Office' Quishing Scam
Flyers made to look like official notices from Poland's tax authority are turning up under windshield wipers. A QR code on them leads straight into a phishing trap – criminals harvest ID numbers, logins and credit card data.
What Happened?
In Poland, media and authorities are warning of a new, sophisticated quishing scheme: criminals are slipping flyers under the wipers of parked cars that look like official notices from KAS, the Polish National Revenue Administration. With agency logo, case number and a sense of urgency, the cards look fully authentic at first glance.
The flyer carries a QR code – supposedly to verify an 'outstanding claim' or 'complete your data'. Anyone who scans it lands on a deceptively accurate replica of a government website. There, the page asks for a 'top-up payment', the PESEL number (Poland's national identification number) and login or credit card data.
KAS explicitly states that the tax authority does not leave payment notices under windshield wipers and never processes payments via random QR codes. Any such flyer is, with near certainty, an attempted fraud.
The Scam in Five Steps
- Criminals print official-looking flyers with agency logo, case number and 'payment demand'
- The flyers are slipped under wipers at busy parking lots – preferably downtown, hospital and shopping-centre lots
- The driver scans the QR code to quickly resolve the supposed claim
- A cloned gov.pl page asks for PESEL, address, login and a 'small top-up' by credit card
- With the stolen data, the criminals hijack accounts, trigger debits or resell the identity on the dark web
Warning Signs: How to Spot the Fake
Official Notice on Your Car
Neither the tax office, the police nor city authorities leave payment demands under windshield wipers. An 'official letter' on your windshield is, by definition, suspicious.
QR Code for 'Payment'
Real authorities never process payments via random QR codes. If you are asked to pay via QR, you are almost certainly dealing with fraudsters.
Time Pressure and Threats
Phrases like 'final notice', 'act immediately' or 'enforcement action imminent' are classic phishing markers designed to trigger a rushed reaction.
No Official Contact Channel
Real authorities always provide phone, postal address and a verifiable case number – never just a link or QR code on a flyer.
Why This Scam Will Also Hit Germany and Beyond
Quishing has been spreading across Europe since 2024. What is happening today in Warsaw and Krakow typically lands in Germany and the Netherlands within weeks. Known cases already include fake bank letters (Tauberbischofsheim, March 2026), manipulated parking meters (Dortmund, since January 2025) and tampered EV charging stations (Schwabenheim, March 2026). The flyer behind the windshield wiper is the logical next step – a perfect cold-channel attack right at the parked car.
How to Protect Yourself
- Ignore flyers behind windshield wipers that carry an agency logo and QR code – they are almost always a scam
- Never scan QR codes from unknown sources, especially if they demand a payment
- Never enter personal or payment data on pages you reached via a QR code
- Verify every supposed claim directly with the tax office, city hall or your bank – via official phone numbers, not the contact on the flyer
- Report suspicious flyers to local police and photograph both the flyer and where you found it
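For readers who want to see why a cloned gov.pl page can look right in the address bar, here is an added example (not part of the original article and not QRTrust's analysis) that checks the text decoded from a QR code before anything is opened. It assumes gov.pl as the official suffix because the article names it; the function name and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: gov.pl is used as the official suffix because the article names it.
OFFICIAL_SUFFIXES = ("gov.pl",)

def assess_qr_payload(payload, official=OFFICIAL_SUFFIXES):
    """Return reasons not to trust a decoded QR payload; an empty list means
    the link is HTTPS and its host really sits under an official suffix."""
    reasons = []
    try:
        parts = urlsplit(payload.strip())
        host = parts.hostname
    except ValueError:
        return ["malformed URL"]
    if parts.scheme != "https":
        reasons.append("not https")
    if not host:
        return reasons + ["no host"]
    # "https://www.gov.pl@other.example/" shows gov.pl first but connects to other.example.
    if parts.username is not None:
        reasons.append("userinfo before host")
    try:
        ascii_host = host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return reasons + ["host is not a valid name"]
    # Look-alike letters from other alphabets only show up after punycode conversion.
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        reasons.append("punycode host")
    # Match on a label boundary: "gov.pl.something.example" must not pass.
    if not any(ascii_host == s or ascii_host.endswith("." + s) for s in official):
        reasons.append("host outside official domain")
    return reasons

# Constructed sample payloads (not taken from real flyers).
SAMPLES = [
    "https://www.gov.pl/",
    "https://gov.pl.kas-doplata.example/pay",
    "https://www.gov.pl@kas-doplata.example/",
    "https://g\u043ev.pl/",  # Cyrillic 'o' in place of the Latin letter
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", assess_qr_payload(url) or "host is under an official suffix")
```

An empty result only confirms where the link points; it says nothing about whether a payment demand is genuine, which still has to be verified through official channels.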
QRTrust: Check Before the Scan – Not Damage After
With QRTrust, you check every suspicious QR code before opening the destination. Our 6-layer analysis runs in real time against PhishTank, Google Safe Browsing and our own AI – before you ever land on a fake page.
That way, the tax office, police and your bank remain the only parties who actually receive your data. 100% GDPR compliant, hosted in Germany.
*About QRTrust: QRTrust is Germany's first QR code security platform, developed in Dortmund. With AI-powered real-time detection, QRTrust protects citizens and businesses from quishing attacks. 100% GDPR compliant, hosted in Germany.*
