EV Charger QR Code Scam: What It Is and What to Do

How the EV charger QR code scam works

Public EV charging stations from networks like ChargePoint, Blink, EVgo, and Electrify America all use QR codes as a convenient way to start a session without opening an app. Attackers exploit that convenience by placing a small sticker printed with a malicious QR code directly over the legitimate one on the station's screen or instruction panel.

The sticker is often professionally printed and difficult to distinguish from the original at a glance — especially in a parking garage, at night, or when you're in a hurry to get your car charging and get on with your day. You scan, a page opens that looks like a payment form, and you enter your card number expecting to pay for electricity. Instead, you've handed your card details to a phishing server.

The mechanics are nearly identical to gas station pump QR code scams, which have been documented at hundreds of fuel stations across the US. EV chargers are an appealing new target: they're in high-traffic locations, widely trusted, and most drivers are still unfamiliar with what a legitimate charging payment screen looks like.

Real charging network vs. phishing page: what to look for

Knowing what a legitimate payment flow looks like is your best defense. Here's how to tell them apart before you type a single digit.

Signs of a legitimate charging network page:

• The URL matches the network exactly — chargepoint.com, blinkcharging.com, evgo.com, electrifyamerica.com
• It opens the official network app, or prompts you to download it, rather than a web payment form
• Guest payment (paying without an account) is handled through a clearly branded checkout that looks consistent with the rest of the site
• The station ID shown on screen matches what's physically labeled on the charger

Red flags on a phishing page:

• A lookalike domain — ev-chargepoint.com, blink-charging-pay.net, or any domain that isn't the exact official one
• A generic card form that asks for your full card number, expiration, and CVV on the very first screen with no account context
• Branding that looks slightly off: wrong shade of color, compressed logo, mismatched fonts
• No station ID or confirmation that you're paying for a specific charger

When in doubt, open the charging network's app directly rather than following the QR code. Every major network has a free app that lets you find and start a session by entering a station ID manually.

What to do right now

If you scanned a charging station QR code and are now unsure whether the page was legitimate, your response depends on how far you got.

If you only scanned and didn't enter any payment information: Your risk is low. Close the page, don't return to it. If you want to charge your car, open the network's official app directly.

If you entered your credit or debit card details, act immediately:

1. Call your card issuer now. Use the number on the back of your card — not a number from any page you visited. Report the card as potentially compromised and ask them to freeze it and issue a replacement.
2. Watch for test charges. Attackers often run a $0–$1 authorization or a small transaction to verify the card before selling it or making larger purchases. Report any unrecognized charge, however small.
3. Report to the charging network. Contact ChargePoint, Blink, or whichever network's branding was used. They can send someone to inspect the station and remove the sticker before other drivers are affected.
4. File a report with the FTC at reportfraud.ftc.gov. Your report helps the FTC track fraud patterns and build enforcement cases.

For a full step-by-step guide on recovering after any suspicious QR scan, see what to do if you scanned a suspicious QR code. For detailed advice on card compromise specifically, see QR code credit card scam: what happens and what to do.

Frequently asked questions