Arrest after man replaces official COVID-19 check-in signs with anti-vaxxer QR code

Arrest after man replaces official COVID-19 check-in signs with anti-vaxxer QR code

In some parts of the world, the authorities have encouraged the public to check-in to events and shops they visit by scanning a QR code into a COVID-19 app.

It doesn’t grant you the right to enter a shop if you’re feeling unwell, or to disregard the advice about social distancing, sanitising your hands, and wearing a mask, but it does provide a mechanism for the authorities to trace who might have been present at a location if an outbreak is later confirmed.

Inevitably, being 2021 and all that, some people are very very angry about such systems.

In fact, in South Australia hostility to the Covid QR code check-in system has been so great that there have been reports of bogus QR codes being stuck over official CovidSafe check-in QR codes.

If you use the South Australian MyGov app to scan the illegitimate QR code then it will be rejected and nothing will happen. But if you scan the code in your smartphone’s camera app you are being redirected to a website distributing misinformation from the anti-vaxxer community.

Business SA chair Nikki Govan told ABC Radio that a “small number of businesses” who had stuck their QR code on the outside of their building had fallen victim to members of the public sticking their own replacement QR code over the top.

Sign up to our free newsletter.
Security news, advice, and tips.

Police have today arrested a 51-year-old man for allegedly placing the fake QR codes over the official Covid-19 check-in QR codes being used by businesses at a shopping centre in South Plympton, South Australia. He has been charged with two counts of obstructing operations related to the coronavirus pandemic under the Emergency Management Act.

In addition, police have charged the man – who has been refused bail – with possession of a prohibited weapon.

If found guilty of tampering or obstructing with the QR codes, the man could face a fine of up to AU $10,000 (almost US $8000).

South Australia police have reassured the public that simply visiting the link generated by the bogus QR code does not share any sensitive personal data.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.