Australia’s cyber security and intelligence agency has sounded the alarm on the dangers of criminals using QR codes to scam Australians.
The use of QR, or Quick Response codes have become widespread in Australia due to the COVID-19 pandemic as businesses and venues use the square graphics to allow visitors to check in.
The NSW government on Monday said all hospitality businesses needed to use the state government’s QR code system in order to streamline contact tracing efforts.
However, the Australian Cyber Security Centre (ACSC) has warned individuals and businesses to be aware of the potential for scams.
The Australian Competition and Consumer Commission’s ScamWatch recorded 28 scams directly linked to QR codes, with losses totalling more than $100,000 between January and September 2020.
“Scanning a QR code which directs you to a non-government website requesting your name, phone number and email address, could result in your personal contact information being used for marketing or criminal purposes,” ACSC said in a resource shared on Twitter on Tuesday.
“Additionally, it is quick and easy for criminals to generate QR codes as part of attempts to obtain your personal information, usually by causing your smartphone to visit a harmful website, install a malicious app or join an untrustworthy Wi-Fi network.”
— Australian Cyber Security Centre (@CyberGovAU) January 5, 2021
Using an app developed by a state or territory government, on the other hand, has a relatively low risk, provided the app ignores QR codes that could lead to damaging locations and that the details of your check-ins are deleted after a certain period of time.
ACSC suggested individuals install and use the NSW and ACT governments’ check-in apps. If visiting a business where the QR code system isn’t aligned with the government’s system, ask why not.
Additionally, it said individuals should only scan codes placed in prominent positions within the venue to reduce the risk of scanning a malicious code placed there by a scanner.
While scanning the code, check for prompts on your phone indicating what the code will do, and if the code begins an unwanted action, be prepared to close the browser or hang up if an unexpected phone call begins.
“Provide only the minimum amount of personal contact information required by the State or Territory government, such as your name and either your email address or phone number.”
Want to get better with money and investing in 2021? Sign up here to our free newsletter and get the latest tips and news straight to your inbox.