'Car park QR scam signed me up to gaming service'

When Jacki Jordan struggled to find a parking space at York Hospital, she opted to drive down the road to another site.

Grabbing the last spot at Wigginton Road Car Park, she would just about make her 11:30 GMT medical appointment.

At one of the information boards, the 70-year-old scanned a QR code, entered her name and email address, and paid £3 for two hours of parking.

What Jacki did not know was that she had actually been signed up to an entertainment website with a bi-weekly subscription fee.

Another login pop-up then appeared on Jacki's phone and she repeated the process, worried her payment had not gone through the first time.

It was only when she arrived home that she realised she had emails from two websites - jabberfeed.com and MagnetDrive.com - thanking her for signing up.

"Both had taken £3 from my account and when I checked on my banking app, they were both based in Cyprus," Jacki said.

"I rang the bank and they stopped the payments and I had my bank card stopped."

In the websites' terms and conditions, it stated users paid £3 for a three-day trial, which then automatically renewed as a full 14-day membership.

A payment of £17.49 would then be taken out of the user's bank account every 14 days from the day of subscription.

As Jacki unknowingly signed up to two different websites, this would have resulted in £70 being taken from her account every month if the bank had not intervened.

"I found the car park management company, Bransby Wilson Parking Solutions, and the girl I spoke to was very helpful," Jacki said.

"I was worried I'd get a fine for non-payment because none of the money had gone out to pay for parking.

"She said they did not have QR codes in their car parks and she would send someone out to look."

A spokesperson for Bransby Wilson said they had been made aware of the allegations last Tuesday and conducted a thorough investigation of the site.

"We can confirm that all payment methods available at our car parks are secure and endorsed by our company," they added.

They urged any customer who was uncertain about the payment process to get in touch.

"I was rushing and I suppose not paying attention," Jacki, from Strensall, added.

"It just looked like a proper QR code on the corner of the board. It never entered my head it could be a scam.

"These QR codes are everywhere now but I'd never use one again."

City of York Council were also made aware of the issue and had sent staff out to remove the fraudulent stickers.

Warning people on social media, a spokesperson said: "Fake QR codes have appeared on some pay by phone signs in our car parks.

"We are removing them where we find them, but please be vigilant."

They added the only way to pay by phone in council car parks was by the smartphone app.

The Chartered Trading Standards Institute warned car parking scams were on the rise.

Katherine Hart, lead officer for scams, doorstep crime and consumer vulnerability, said: "We are seeing these QR codes a lot more frequently these days, probably since Covid when we've become a little bit more of a cashless society.

"Where there are opportunities for people to pay remotely, criminals are exploiting that by putting up fake codes, either over the legitimate one or in close proximity to the legitimate one."

Ms Hart added this encouraged people to share their payment or personal details, which were used to data harvest or defraud the victim later on.

"We need people and those looking after public areas to do is to be more vigilant," she said.

"If you click on a QR code, just make sure it's taking you to the platform you think it's taking you to."

The British Parking Association said they had been notified a small number of car parks had been affected across the country.

A spokesperson warned tell-tale signs were when QR codes looked like they had been stuck over another QR code or appeared to be tampered with.

The name of the website should also correspond with the website on the parking sign.

Elsewhere in Yorkshire, other motorists have noticed a similar scam.

Sarah Croucher parked in Burley Road Car Park, near Leeds city centre, before Christmas.

"You had to scan a QR code, click on a link, which then took you to the app store to download an app," she said.

"Then you had to put your card details in, which I didn't like to do but I needed to pay, and I got a text from my bank straight away to say the payment could not go through."

Thankfully, Sarah did not lose any money due to her bank noticing the scam.

When contacted for comment, website Jabberfeed initially asked the BBC for credit card details to "access their account".

The following day, they said they took Jacki's situation "very seriously" and an investigation found there had been an issue in "Google Targeting".

They claimed it had been resolved and refunds had been issued accordingly.

Similarly, MagnetDrive said: "We are deeply concerned about this situation and have thoroughly investigated the incident.

"Our findings indicate that our website was compromised by a scam."

They also claimed it had since been resolved and they were taking "robust measures" to strengthen their systems.

Listen to highlights from North Yorkshire on BBC Sounds, catch up with the latest episode of Look North or tell us a story you think we should be covering here.