How to Protect Yourself From EV Charging Station Scams

As electric vehicle adoption accelerates, scammers are following the money to public charging stations. Fake QR codes pasted over legitimate ones, card skimmers attached to payment terminals, fraudulent charging apps, and compromised charging networks are all being used to steal payment credentials and personal data from EV drivers. Quishing incidents — QR code phishing — surged 146% in the first quarter of 2026 alone, with nearly 18.7 million cases recorded in March. If you charge your EV at public stations, here is what you need to know to avoid becoming a victim.

How EV Charging Station Scams Work

EV charging stations are an appealing target for scammers because they combine several vulnerability factors: unfamiliar payment systems, drivers in a hurry, QR codes as a primary interface, and a rapidly growing user base that includes many first-time EV owners who do not yet know what legitimate charging interactions should look like.

Fake QR Code Overlays

This is the most common and fastest-growing EV charging scam. Criminals place a fraudulent QR code sticker directly over the legitimate QR code on a charging station. When you scan the fake code, your phone opens a convincing replica of the charging network's payment page. You enter your credit card number, CVV, and billing information — and it goes straight to the scammer. The fake page may even display a loading animation or error message to buy time before you realize the charger never activated.

These sticker overlays are inexpensive to produce and easy to apply. Reports of this scam have appeared across the United States, the United Kingdom, and throughout Europe, particularly in France where remote charging stations have been heavily targeted.

Card Skimmers on Payment Terminals

The same skimming technology that has plagued gas station pumps and ATMs for years is migrating to EV charging stations. Criminals attach thin card-reading devices over the card slot on a payment terminal. The skimmer captures your card number and PIN when you insert or swipe your card. Unlike QR code scams, skimmers do not prevent the charger from working — your car charges normally while your card data is silently recorded, making the scam harder to detect.

Fraudulent Charging Apps

Scammers create fake mobile apps that mimic legitimate charging networks. These apps appear in search results when drivers look for nearby chargers and may show up in app store listings with names and icons designed to confuse users. Once installed, a fake app can harvest payment credentials, request excessive permissions, or install malware that monitors your device for banking activity.

Compromised Charging Networks

In more sophisticated attacks, criminals target the charging network's infrastructure directly. According to the Upstream Automotive and Smart Mobility Global Cybersecurity Report, cyber incidents targeting EV infrastructure rose sharply in 2024. Compromised networks can intercept payment data in transit or redirect payments through a malicious intermediary.

How to Spot a Fake QR Code at a Charging Station

Before scanning any QR code at a charging station, perform these checks:

• Run your finger over the QR code. If it feels raised, has visible edges, or seems like a sticker applied over another surface, it is likely fraudulent. Legitimate QR codes are printed directly onto the station's signage or screen.
• Look for misalignment. A sticker QR code may be slightly crooked, a different size than expected, or positioned oddly relative to the surrounding text and branding.
• Check for duplicate codes. If you can see two QR codes — one underneath a sticker — the top one is almost certainly a scam.
• Preview the URL before opening it. Most smartphones show a URL preview when you scan a QR code. The domain should match the charging network (e.g., chargepoint.com, electrifyamerica.com, evgo.com). Watch for misspellings, extra characters, or unfamiliar domains like "charge-p0int-pay.com."
• Compare with the station's branding. Does the QR code's destination match the company name on the charging station? If the station is branded ChargePoint but the QR code sends you to a generic payment page, stop.

Safe Charging Practices

Follow these habits every time you use a public charging station:

1. Use the official charging network app

   Download the official app for each charging network you use — ChargePoint, Electrify America, EVgo, Tesla, and Blink all have verified apps in the Apple App Store and Google Play Store. Start and pay for sessions through the app rather than scanning QR codes. This eliminates the QR code attack vector entirely.

2. Use contactless payment when available

   Tap-to-pay with Apple Pay, Google Pay, or a contactless credit card is significantly safer than inserting a card or scanning a QR code. Contactless payments use tokenized transaction data that cannot be reused if intercepted.

3. Inspect the card reader before inserting your card

   Give the card reader a firm wiggle. Skimmers are attached over the real reader and can often be detected because they are loose or slightly misaligned. If anything feels wrong, do not insert your card.

4. Never download a charging app from a QR code

   If a QR code at a station prompts you to download an app, do not do it. Always search for and download charging apps directly from your phone's official app store. Verify the developer name and check reviews before installing.

5. Use a credit card, not a debit card

   Credit cards offer stronger fraud protection than debit cards. If your credit card is compromised, your liability is typically capped at $50. With a debit card, stolen funds come directly from your bank account and can take weeks to recover.

6. Keep your apps and vehicle firmware updated

   Software updates patch known security vulnerabilities. Enable automatic updates for charging apps and check your vehicle manufacturer's website for firmware updates.

What to Do If You Have Been Scammed

If you suspect you entered payment information on a fraudulent charging site or used a compromised terminal, take these steps immediately:

1. Contact your bank or credit card issuer. Report the compromised card, request a freeze or cancellation, and dispute any unauthorized charges. Ask for a replacement card with a new number.
2. Change your passwords. If you entered login credentials on a fake charging site, change your password for that charging network immediately. If you reuse that password on other accounts, change those too.
3. Check your phone for suspicious apps. If you downloaded anything from a QR code at a charging station, delete it immediately and run a security scan on your device.
4. Monitor your accounts. Watch your bank and credit card statements closely for the next 60 to 90 days. Set up transaction alerts so you are notified of every charge.
5. Report the scam. File a complaint with the FTC at reportfraud.ftc.gov and the FBI's Internet Crime Complaint Center at ic3.gov. Report the tampered station to the charging network operator so they can inspect and secure it.
6. Report the physical QR code. Notify the charging station operator and, if the station is in a public parking area, alert the property manager. Removing the fake QR code prevents other drivers from being scammed.

The Data Broker Connection

EV charging scams become more dangerous when criminals can cross-reference stolen payment data with your personal information on data broker sites. A scammer who has your credit card number from a skimmer and can look up your full name, address, and phone number from a people-search site has everything needed to commit identity theft or launch targeted phishing attacks against your household.

How PrivacyOn Protects EV Drivers

PrivacyOn removes your personal information from 100+ data broker and people-search sites, reducing the amount of data available to criminals who may already have your payment credentials from a charging station scam. With 24/7 dark web monitoring, PrivacyOn alerts you if your stolen card numbers, email addresses, or login credentials appear in criminal marketplaces — often before you notice unauthorized charges on your statement. PrivacyOn's family plans cover up to 5 people starting at just $8.33 per month, protecting everyone in your household who uses public EV chargers. In a world where a single scanned QR code can compromise your financial life, reducing your digital footprint is one of the most effective defenses available.