QR Code Scams in Australia
How fraudulent QR codes are used in Australia to redirect payments, steal myGov credentials, and enable fake parking and dining payment fraud.
Part of: QR-Code Scams (Quishing)
Last reviewed: 1 June 2026
QR code scams in Australia exploit the rapid adoption of QR-based payment and verification following the COVID-19 pandemic. The ACSC and Scamwatch have both flagged QR phishing as an emerging threat, with fraudulent QR codes appearing on parking meters, restaurant tables, public notice boards, and in email and SMS phishing campaigns.
Australia's widespread use of QR codes for myGov check-ins, digital menus, and contactless payments means users have been conditioned to scan without pausing to verify the destination URL.
How this scam works on Australia
Fraudulent sticker QR codes are placed over legitimate QR codes on parking meters in capital cities and regional towns, redirecting payment to a scammer-controlled site that collects card details for a parking fee that is never processed with the council.
Restaurant and cafe QR menu codes are replaced with stickers linking to credential-harvesting pages designed to look like a payment or loyalty app login. myGov phishing campaigns use QR codes in printed letters — purportedly from the ATO or Services Australia — directing recipients to fake myGov login pages.
Email and SMS phishing in Australia increasingly embed QR codes rather than clickable links, knowing that scanning on a phone bypasses many desktop security filters.
Common red flags
- QR code sticker placed over what appears to be an original printed QR code on a meter or sign
- QR code on a parking meter that resolves to a website other than the official council payment portal
- QR code in a printed letter from a government agency requesting myGov login
- Restaurant QR menu code that leads to a payment page requesting card details
- Email or SMS containing only a QR code with urgent language about account access
How to protect yourself
- Check the URL previewed before tapping 'Open' when scanning a QR code
- Look for sticker QR codes placed over original codes on parking meters and public signs
- Access myGov and Services Australia only by typing the URL directly
- Legitimate council parking portals show the council's official domain — verify before paying
- Report suspicious physical QR code stickers to the venue or council immediately
How to report it
- Report to Scamwatch at scamwatch.gov.au
- Report to the ACSC at cyber.gov.au/report
- Contact your bank immediately if card details were entered through a QR-linked page
Frequently asked questions
How can I tell if a QR code on a parking meter in Australia is legitimate?
Look for signs that the QR code is a sticker placed over the original — raised edges, misalignment, or a slightly different surface finish. Check the URL the QR code resolves to before completing any payment. Official council parking portals use the council's .gov.au or official domain. If you are unsure, pay via the council's official app or phone number instead.