QR Code Scams in Australia
How fraudulent QR codes are used in Australia to redirect payments, steal myGov credentials, and enable fake parking and dining payment fraud.
Part of: QR-Code Scams (Quishing)
Last reviewed: 1 June 2026
QR code scams in Australia exploit the rapid adoption of QR-based payment and verification following the COVID-19 pandemic. The ACSC and Scamwatch have both flagged QR phishing as an emerging threat, with fraudulent QR codes appearing on parking meters, restaurant tables, public notice boards, and in email and SMS phishing campaigns.
Australia's widespread use of QR codes for myGov check-ins, digital menus, and contactless payments means users have been conditioned to scan without pausing to verify the destination URL.
How this scam works on Australia
Fraudulent sticker QR codes are placed over legitimate QR codes on parking meters in capital cities and regional towns, redirecting payment to a scammer-controlled site that collects card details for a parking fee that is never processed with the council.
Restaurant and cafe QR menu codes are replaced with stickers linking to credential-harvesting pages designed to look like a payment or loyalty app login. myGov phishing campaigns use QR codes in printed letters — purportedly from the ATO or Services Australia — directing recipients to fake myGov login pages.
Email and SMS phishing in Australia increasingly embed QR codes rather than clickable links, knowing that scanning on a phone bypasses many desktop security filters.
Common red flags
- QR code sticker placed over what appears to be an original printed QR code on a meter or sign
- QR code on a parking meter that resolves to a website other than the official council payment portal
- QR code in a printed letter from a government agency requesting myGov login
- Restaurant QR menu code that leads to a payment page requesting card details
- Email or SMS containing only a QR code with urgent language about account access
How to protect yourself
- Check the URL previewed before tapping 'Open' when scanning a QR code
- Look for sticker QR codes placed over original codes on parking meters and public signs
- Access myGov and Services Australia only by typing the URL directly
- Legitimate council parking portals show the council's official domain — verify before paying
- Report suspicious physical QR code stickers to the venue or council immediately
How to report it
- Report to Scamwatch at scamwatch.gov.au
- Report to the ACSC at cyber.gov.au/report
- Contact your bank immediately if card details were entered through a QR-linked page
Frequently asked questions
How do fraudulent QR codes redirect parking or dining payments in Australia?
Scammers place fake QR code stickers over legitimate ones on parking meters or restaurant tables, leading to a cloned payment page that captures your card details while you believe you're paying the real vendor. Always check whether the QR sticker looks tampered with or oddly placed over an existing code.
What should I do if I entered myGov credentials after scanning a fake QR code?
Change your myGov password immediately from a separate device, and check your linked services (Medicare, ATO, Centrelink) for any suspicious activity. Report the incident to myGov support and to Scamwatch.
Can I get a refund if I paid through a fake QR code parking or dining scam?
Contact your bank or card provider to dispute the charge as soon as you notice it. Report the fake QR code location to the venue and to Scamwatch. Whether a refund is possible may depend on the payment method and timing.
How can I tell if a QR code on a parking meter in Australia is legitimate?
Look for signs that the QR code is a sticker placed over the original — raised edges, misalignment, or a slightly different surface finish. Check the URL the QR code resolves to before completing any payment. Official council parking portals use the council's .gov.au or official domain. If you are unsure, pay via the council's official app or phone number instead.