Australia markets close in 2 hours 50 minutes

    +4.40 (+0.05%)
  • ASX 200

    +1.00 (+0.01%)

    -0.0021 (-0.32%)
  • OIL

    +0.35 (+0.45%)
  • GOLD

    +8.70 (+0.36%)
  • Bitcoin AUD

    -2,527.16 (-2.47%)
  • CMC Crypto 200

    -24.95 (-1.80%)

    -0.0010 (-0.16%)

    +0.0017 (+0.15%)
  • NZX 50

    +51.29 (+0.41%)

    -68.53 (-0.35%)
  • FTSE

    -31.41 (-0.38%)
  • Dow Jones

    -57.35 (-0.14%)
  • DAX

    +150.63 (+0.82%)
  • Hang Seng

    -93.06 (-0.53%)
  • NIKKEI 225

    -85.55 (-0.22%)

Centrelink and Medicare impersonated in new 'quishing' QR scam

QR codes are everywhere since the COVID pandemic, but some aren't what they appear to be.

Scammers have found a new way to steal vital information about you through QR codes.

Those trendy clusters of pixels that became wildly popular in the wake of the COVID pandemic are now everywhere, from pubs and restaurant menus to museum exhibitions. You can easily point your camera at the code and are greeted by a wealth of detail.

However, QR codes have opened up an avenue for criminals to use and abuse your personal information.

Scammers are evolving and using something that's often hiding in plain sight in venues and on the streets across Australia. (Source: Facebook/Instagram)

Have you fallen victim to a scam like this? Email

Aussies have been warned time and time again about not clicking on links from dodgy emails or text messages, but there appears to be a more relaxed approach when it comes to QR codes.


“[QR codes have] always been there, but they became hugely popular and everybody started [scanning them] without any second thoughts,” Damien Manuel, adjunct professor of cyber security at Deakin University, said.

"It's very easy to just scan a QR code and then click on the link that's generated in that code without really questioning [it].


"We're all being trained to look at a link now and go: is there a misspelling that makes it look like it's not legit? But if I send it to you as a QR code, you're probably not likely to spot it.

"[Scanning a code] may show you an abbreviated version of the link [on your device's screen] and you're more likely to, just out of habit, click on it and go straight through."

What is quishing? Scam creeping up ranks in 2024

Scammers in the US and UK have started sticking QR codes in legitimate places like parking meters, and unsuspecting people will scan them and hand over personal details.

It’s a practice known as quishing, and consumer group CHOICE believes it will be one of the top scams this year.

In one example, people in the UK accidentally signed themselves up for a $77 a month subscription after scanning a QR code they saw in public.

Scamwatch said there have been dozens of reports of quishing in Australia since 2020 and more than $100,000 has been lost so far.

Scammers are sending out fake QR codes or placing stickers over legitimate ones in public to steal your personal information. (Source: Services Australia/Getty)
Scammers are sending out fake QR codes or placing stickers over legitimate ones in public to steal your personal information. (Source: Services Australia/Getty)

Scammers have tried to impersonate government bodies like Medicare and Services Australia.

These criminals will send out emails urging myGov users to update their information via a QR code and it will take them to a fake website that’s almost indistinguishable from the real deal.

These scam emails are sometimes able to get through a spam filter because they don’t contain a dodgy link in the text, as it’s contained within the QR code instead.

Aussies have been warned to double check the URL that the code takes you to and make sure it’s legitimate. You can also check physical QR codes to see if they have been placed over legitimate ones.

"If you're scanning a QR code in a public place, check it hasn't been tampered with," Manuel said. "When you are scanning, make sure you stop to think about where [the link] is actually going.”

Get the latest Yahoo Finance news - follow us on Facebook, LinkedIn and Instagram.

What should I do if I think I’ve been scammed?

Contact your bank and report the scam. Ask them to stop transactions and stop sending any money.

Report the scam to Scamwatch here and make an official complaint to police here.

Watch out for follow up scams, particularly ones promising they can get your money back. Scamwatch warned one in three victims of a scam are scammed more than once.

Lastly, get support for yourself. You can talk to a financial counsellor or reach out to BeyondBlue on 1300 22 4636 or here for an online chat or Lifeline for crisis support online here on 13 11 14.

You can also contact IDCARE to “reduce the harm they experience from the compromise and misuse of their identity information by providing effective response and mitigation”.