Quishing Wave in Dortmund 2025: How Fake QR Codes Deceive Drivers
Once again, fake QR codes have been discovered on parking meters in downtown Dortmund. A chronology of fraud cases and how QRTrust can protect.
Once again, fake QR codes have been discovered on parking meters in downtown Dortmund. The city administration announced on November 4 that manipulated stickers have already been removed. But this incident is not an isolated case – it's part of a concerning series of quishing attacks that have plagued Dortmund since the beginning of 2025.
What Happened?
The latest wave of attacks affected parking meters in downtown, Wallring, the clinic district, and Kaiserstraße. Fraudsters had covered the official QR codes with fake stickers. Those who scanned these codes didn't land on authorized parking apps, but on manipulated websites that phished for credit card data.
The insidious part: The fake sites look deceptively real. Drivers enter their sensitive payment details – and receive no parking ticket. Instead, the data goes directly to the criminals.
Timeline: A Year of Quishing Attacks
January 2025: The First Major Strike
- Around 90 parking meters in downtown Dortmund were affected
- Approximately one-third of all devices
- Fraudsters systematically covered original QR codes of official parking app partners
- Days after discovery, stickers reappeared on already cleaned machines
February 2025: Attacks Continue
About 50 new cases were reported. Perpetrators remained active and adapted their strategy.
March 2025: Expansion to Charging Stations
The fraud scheme expanded:
- Fake QR codes on DEW charging stations in Dortmund
- Promised allegedly cheap flat rates for charging
- Led to a fraudulent WhatsApp chat
- Goal: Access to smartphones and personal data
September 2025: Thier-Galerie Targeted
- Around 20 parking meters near Thier-Galerie manipulated
- Again credit card data theft through fake websites
November 2025: Pre-Christmas Period as Target Phase
The most recent cases show: Perpetrators deliberately exploit the busy pre-Christmas season when many people are downtown needing parking spaces.
The Danger: Quishing is Hard to Detect
Quishing (a combination of "QR code" and "phishing") is so dangerous because:
1. Humans cannot read QR codes
You can't tell where a code leads just by looking
2. Trust in the environment
Who would expect fraud at an official parking meter?
3. Time pressure
Drivers want to park quickly and scan without questioning
4. Professional forgeries
Stickers and websites look deceptively real
Why the City's Recommendations Are Not Enough
The City of Dortmund relies on treating symptoms: removing stickers, warning citizens. But these reactive measures have already failed multiple times in 2025 – perpetrators simply put up new codes within days. Physical tickets are not a solution for a digital future.
The problem: Reactive measures cannot stop the perpetrators. Only proactive technological protection works.
The Only Real Solution: QRTrust
While the City of Dortmund removes stickers, QRTrust offers the only sustainable solution: Technological protection that prevents quishing attacks before damage occurs.
How QRTrust Protects Proactively
Protect before scanning:
- 6-layer security check – Every QR code is checked against PhishTank, Google Safe Browsing, local threat database, and our AI
- Redirect tracking – QRTrust follows up to 5 redirects and checks the final destination
- Real-time warning – Before you visit the site, you know if it's safe
Enterprise Solution for Municipalities:
- Secure QR codes on municipal machines – QRTrust can certify official QR codes
- Monitoring dashboard – Real-time detection of suspicious scan patterns
- Automatic alerts – Immediate notification to administration and police for suspicious codes
- Chain of evidence – Legally sound documentation for prosecution
What Would Have Happened with QRTrust?
Scenario: A Dortmund resident scans a fake QR code
Without QRTrust:
- Scan → Redirect to fake site
- Enter credit card details
- Data loss & no parking ticket
- Possible credit card misuse
With QRTrust:
- Scan with QRTrust app
- ⚠️ WARNING: Suspicious URL detected
- QRTrust shows: "This site is not in our database of official parking apps"
- User is warned and doesn't scan
- Damage prevented!
For Dortmund: QRTrust as Municipal Solution
The City of Dortmund could build a proactive protective shield with QRTrust:
Phase 1: Citizen App
- Free QRTrust app for Dortmund citizens
- Education campaign: "First scan with QRTrust, then pay"
- Integration with municipal information channels
Phase 2: Certified QR Codes
- All official parking apps added to QRTrust whitelist
- QRTrust shows green checkmark for verified codes
- Forgeries automatically detected
Phase 3: Smart City Integration
- Sensors on parking meters detect manipulations
- Automatic reporting to Public Works and police
- Real-time dashboard for city administration
Call to Action: Act Now!
For Dortmund Citizens:
- Bookmark QRTrust WebApp now – Free protection against quishing
- Check all QR codes before scanning – Even in supposedly safe places
- Report suspicious codes – Via QRTrust directly to police
For the City of Dortmund:
The repeated attacks show: Reactive measures aren't enough. The city needs a proactive digital security solution.
QRTrust, as a Dortmund startup (start2grow participant), is ready to cooperate with the city.
Kontakt für Kommunen: contact@qrtrust.eu
More info: qrtrust.de/enterprise
Conclusion: Quishing Becomes an Everyday Threat
The Dortmund quishing wave 2025 is not a local phenomenon. Nationwide, attacks with fake QR codes are increasing. Parking meters are just the beginning – charging stations, government letters, restaurant menus, and ticket machines are the next targets.
The solution doesn't lie in removing more stickers, but in technological protection. QRTrust makes the invisible visible: We show you where a QR code leads before you give up your data.
Dortmund can become a pioneer – as the first major German city with comprehensive QR code protection.
Sources
- Ruhrnachrichten: "Dortmund: Quishing – Fake QR Codes on Parking Meters – Timeline 2025" (8. November 2025) →
- • City of Dortmund, Public Works Department (Announcement from November 4, 2025)
- • Dortmund Police, Criminal Division
*About QRTrust: QRTrust is Germany's first QR code security platform, developed in Dortmund. With AI-powered real-time detection, local threat database, and 6-layer security check, QRTrust protects citizens, authorities, and businesses from quishing attacks. GDPR compliant, hosted in Germany. Participant in start2grow, the startup competition of Dortmund Economic Development.*