# QR Code Scams at Campgrounds and National Parks: What to Know Before You Scan

> Campgrounds and national parks rely on QR codes for reservations, day-use passes, and trail maps — but remote, low-connectivity settings make it nearly impossible to verify a URL before you hand over your card. Here's what scammers are doing and how to stay safe.

URL: https://www.qrsafer.com/blog/campground-qr-code-scams
Published: 2026-05-01

---

You pull into the campground after a long drive, and a small kiosk at the entrance displays a QR code: scan to pay your site fee and proceed. You're tired, the kids are restless, and the process takes ten seconds. You scan, enter your card, and move on.

That transaction may have gone nowhere near the campground.

Campgrounds, national parks, and state recreation areas have increasingly shifted to QR-code-based payment and information systems — reservation kiosks, day-use pass displays, trail-map downloads, and fee-envelope stations have all adopted scan-to-pay or scan-to-access formats. The problem is structural: these kiosks are unattended, often unstaffed overnight, located in remote areas with limited cellular service, and visited by people whose focus is on getting to their site, not scrutinizing a URL. It's a near-perfect environment for the same sticker-QR-code attack that targets [parking meters](/fake-parking-meter-qr-code-scam) and other unattended payment terminals.

Here are the three variants operating at campgrounds and parks right now.

## Variant 1: Fake reservation and site-fee payment QR codes

This is the most financially damaging variant, and it works because it targets people at the moment they expect to pay.

An attacker visits the campground entrance kiosk — typically a self-pay station or an electronic fee board — and places a printed sticker QR code over the legitimate one. The sticker is sized to cover the original exactly. At a campground entrance that processes dozens of transactions a day, and where staff may only visit the kiosk once or twice daily to collect fee envelopes, the tampered code can remain in place for days.

The destination is a page that mimics the campground's or park's payment interface: a plausible fee summary, a field for your card number, and a "confirm" button. After you submit, you receive no confirmation receipt, and the real park fee system has no record of payment. Campers sometimes discover the problem only when a ranger visits their site and informs them they haven't paid.

**The tell:** Legitimate Recreation.gov pages use only the recreation.gov domain. State park payment pages use an official government domain (look for .gov). If the URL in your browser shows anything else — particularly a domain with hyphens, extra words, or an unfamiliar payment processor — close the browser immediately and pay by fee envelope or call the park.

## Variant 2: "Scan to display your day-use pass" QR codes

The second variant targets day visitors — hikers, picnickers, and beach-goers who need to display a paid day-use permit on their dashboard.

Attackers leave printed flyers on windshields in trailhead parking areas, or place sticker QR codes on pay-station signs. The message is urgent and plausible: "NEW — Display your day-use pass digitally. Scan to pay and display." The QR code leads to a fake fine-payment portal that mimics the park authority's website, collects a "permit fee," and promises a digital pass that never arrives.

Because day-use permits are a real and common requirement at popular national parks and recreation areas, visitors don't question the premise. The low transaction amount (typically $5–15) also means many victims assume the charge went through correctly and don't notice until they're turned away at the trailhead — or until an unexpected charge appears on their statement.

This variant is closely related to [traffic-ticket payment scams](/speeding-ticket-qr-code-scam), which use the same urgency-and-authority playbook to collect fake fines via QR code.

**The tell:** Legitimate day-use payment and display instructions appear on posted signage that matches the park service's official fonts and branding, and the URL will be a .gov domain. Any QR code left on your windshield by a stranger should be ignored — contact the park directly if you're unsure about permit requirements.

## Variant 3: Fraudulent trail-map and nature-center QR codes

The third variant harvests personal information or installs tracking apps under the guise of free, useful content.

Fake QR codes on nature-center display boards, trailhead information posts, or campground bulletin boards offer a "downloadable trail map," a "campground guide," or a "wildlife spotting list." The QR code leads to a form requesting your name and email "to send the PDF," or to a link that downloads an app outside the official app stores. The email address is used for phishing follow-up campaigns; the fake app may request location and contact permissions beyond what a trail-map app would ever need.

Nature-center kiosks and trailhead bulletin boards are easy to add signage to — a printed card slipped into a display rack or taped to a post requires no technical access.

**The tell:** Official park trail maps are always available directly on the park's website, through the official Recreation.gov app, or as printed copies at the ranger station — free and without entering your email. Any QR code that leads to a form before giving you a map is a red flag.

## What to do if you entered payment information on a suspicious page

**If you entered card details:** Contact your card issuer immediately and report the charge as potentially fraudulent. Request a new card number and monitor your statements for small test charges.

**If you were charged but received no confirmation:** Call the campground or park directly using the number on their official website (.gov or recreation.gov) to verify whether payment was received.

**If you downloaded an app:** Delete it immediately. Review the permissions it requested and revoke any access it was granted. Check for apps with similar names in your phone's installed apps list.

## What to remember at campgrounds and national parks

- Unattended kiosks in remote locations are among the easiest targets for sticker QR code attacks — assume any unfamiliar URL on an outdoor payment terminal deserves scrutiny.
- Low or no cellular service means you may not be able to load a second tab to verify the URL — when in doubt, pay by fee envelope with cash or check and move on.
- Summer camping season brings peak attacker activity alongside peak visitor traffic.
- The same sticker-QR playbook that operates here also operates at [parking meters](/fake-parking-meter-qr-code-scam) and other unattended outdoor payment terminals — the setting changes, the attack doesn't.

## See also
- [What to Do If You Scanned a Suspicious QR Code](/blog/what-to-do-if-you-scanned-a-suspicious-qr-code)
- [Fake Parking Meter QR Code Scam](/fake-parking-meter-qr-code-scam)
- [Amusement Park QR Code Scams](/blog/amusement-park-qr-code-scams)
- [EV Charger QR Code Scam](/ev-charger-qr-code-scam)
- [QR Code Threat Map](/threat-map)

Download QRsafer for [iOS](https://apps.apple.com/app/qrsafer/id6743708403) or [Android](https://play.google.com/store/apps/details?id=com.bedrockdigitalsolutions20.qrsafer) and scan any campground or park QR code before your browser opens it. It takes two seconds and tells you whether the destination is safe before you hand over your card or personal information.