Australia Post scam: How fraudulent QR codes are tricking sellers

In an age where technology is supposed to make our lives easier, it’s disheartening to see the same advancements being used to exploit unsuspecting individuals. The latest scam to hit the headlines involves a staggering $19.3 million lost to fraudulent QR codes, and it’s essential to understand how this scam works and how to protect yourself.

The scam, which has been particularly prevalent on Facebook Marketplace, targets sellers who are led to believe they are receiving prepaid shipping from Australia Post. The seller is instructed to scan a QR code to receive payment and confirm the sale. However, this QR code is a gateway to a phishing site designed to look like the official Australia Post website. Once there, personal and banking information is at risk of being stolen.

Scammers impersonate Australia Post by using fake QR codes, convincing victims they’re receiving prepaid shipping. Credit: Australia Post

This type of scam, known as ‘quishing’ (QR code phishing), is a new twist on the more familiar email and text scams that trick users into clicking malicious links. The difference here is that the scammer gets the user to scan a QR code, which can be easily generated and disguised as legitimate. These fake QR codes can be slapped over real ones in public places, included in emails and texts impersonating government agencies, or found on online marketplaces.

Scamwatch has reported that Australians lost over $19.3 million to this type of scam in 2024 alone, indicating a significant rise in phishing websites and scams. 

Mark Gorrie, managing director for Norton APAC, warns that scammers are using every conceivable method to gain access to your information and devices. The sophistication of these scams is alarming, and it’s becoming increasingly challenging for individuals to identify them without assistance.

Here are some essential tips to help you avoid falling prey to these scams:

  • Exercise caution with emails, links, and attachments from unknown sources. 
  • Be sceptical of offers that seem too good to be true—they usually are. 
  • Implement two-factor authentication to add an extra layer of security to your online accounts.
  • Keep your security software up-to-date on all devices and stay informed about new malware threats. 
  • Never respond to unsolicited requests for personal information or passwords. 
  • Disregard unsolicited advice or offers of help, especially from those posing as tech support. 
  • Be cautious of urgent or immediate action requests—pause and think before you proceed. 
  • Maintain up-to-date Cyber Safety solutions software to protect against the latest online threats.

It’s not just online marketplaces that are affected by the quishing scourge. Major government organisations, such as the Australian Taxation Office (ATO) and myGov, have also been targeted by scammers using fake QR codes. Both the ATO and Services Australia, which manages Medicare, Centrelink, myGov, and Child Support, have issued warnings that they will never send SMS or emails with QR codes to log into online services.

As scams continue to evolve, it’s important to stay vigilant. Have you ever come across suspicious QR codes or other scams? Share your experiences in the comments below. Let’s help each other stay informed and protect our personal information. Knowledge is power—together, we can stay one step ahead!

Also read: A QLD scam victim tried to sue her scammer, but then things took a turn for the worse

Abegail Abrugar
Abegail Abrugar
Abby is a dedicated writer with a passion for coaching, personal development, and empowering individuals to reach their full potential. With a strong background in leadership, she provides practical insights designed to inspire growth and positive change in others.

2 COMMENTS

  1. I can’t believe there are still such a large number of people falling victim to online/email or telephone scams. I remember when I was learning to ride a motorbike, my instructor told me to ride like everyone on the road was going to hit me. So I stayed focused and vigilant and ride within my means. People need to take similar advice and treat every email, phonecall or text message as a potential scammer.

  2. The Market Place type of scams where an email is received saying that a “buyer” has prepaid for the goods and will be collected by a courier etc should be about the largest RED FLAG that it is a SCAM as from my experience those emails are never preceded by any enquiry about the item or price so my first reaction always is to hit the DELETE button. Unfortunately scammers always manage to snare innocent people in their traps!

LEAVE A REPLY

- Our Partners -

DON'T MISS

- Advertisment -
- Advertisment -