In the age of digital convenience, Quick Response codes or QR codes as we call them, have become an integral part of our daily lives, seamlessly connecting the physical and digital realms. These pixelated squares, designed for efficiency and accessibility, facilitate easy access and information transfer with a simple scan.

However, as the popularity of these codes has surged, they have also become an unwitting accomplice to a growing wave of cyber threats – QR code scams.

What are QR code scams?

QR code scams involve cybercriminals manipulating QR codes to deceive individuals into performing actions that compromise their personal information, money, or cybersecurity. Here are some common QR code scam scenarios:

  • Fake payment requests: Scammers may create QR codes that link to their own payment accounts instead of legitimate ones. When you scan the code to make a payment, your money goes directly into their accounts and you may not be able to retrieve these funds.
  • Downloading apps: Scammers may trick you into scanning a QR code that initiates the download of a malicious app, which can be potentially harmful to device and data.
  • Malicious websites: A QR code might lead you to a fraudulent website designed to steal your login credentials, personal information, or financial data.
  • Public Wi-Fi: Some QR codes may claim to provide access to a free Wi-Fi network but actually connect you to an unsecure or fake network. This may allow hackers to intercept your online activity.

How to protect yourself

There are a few things you can do to protect yourself and keep your personal information safe:

  • Check the source: Scan QR codes from only sources you trust. Be sure to scrutinise codes from unverified or suspicious locations. If you are unsure, contact the organisation through an official channel before scanning and check that the code links to a legitimate site before submitting any information.
  • Inspect the URL: Before visiting any website via a QR code, examine the URL to ensure it matches the legitimate website’s domain. Avoid visiting suspicious or unknown websites. Also beware of regular hyperlinks: always hover your mouse over links before clicking to check the domain
  • Secure your devices: Keep your devices operating system and apps up to date to help prevent potential security vulnerabilities.
  • Beware of unsolicited QR codes: Avoid scanning QR codes that you receive via email, text, or social media from unknown or untrusted sources. Verify the sender’s identity first.
  • Verify payments: When making payments using QR codes, be sure to verify the recipient’s details and the payment amount before finalising the transaction.
  • Multi-Factor Authentication (MFA): Enable multifactor authentication on your accounts where possible and be sure to only approve MFA requests for logins initiated by you.
  • Password security: Use strong and unique passwords for your accounts.

QR codes have no doubt made our lives more convenient, but it’s important to remain vigilant and cautious when using them. By following these precautions and being aware of QR code scams, you can enjoy the benefits of this technology without falling victim to cybercriminals.

What to do if you have encountered a scam

If you believe you may have been a victim or lost money to a scam, it’s important to notify your financial institution as soon as possible. Do not send any more money and block all contact from the scammer.

Australian Mutual Bank members can contact our Fraud Team by calling 13 61 91 or by emailing

Seek support from IDCARE (a free government-funded service) who can help you develop a response plan to limit the damage. IDCARE will never contact you out of the blue.

For more advice on how to avoid scams and what to do if you or someone you know is a victim of a scam, see our Security Advice section or visit the Scamwatch website.


Beware of QR Code Scams | Qbit
Shopping for a Black Friday Bargain? Keep an Eye Out for Fake Websites (

12 December 2023