In an age where technology is supposed to make our lives easier, it’s disheartening to see the same advancements being used to exploit unsuspecting individuals. The latest scam to hit the headlines involves a staggering $19.3 million lost to fraudulent QR codes, and it’s essential to understand how this scam works and how to protect yourself.
The scam, which has been particularly prevalent on Facebook Marketplace, targets sellers who are led to believe they are receiving prepaid shipping from Australia Post. The seller is instructed to scan a QR code to receive payment and confirm the sale. However, this QR code is a gateway to a phishing site designed to look like the official Australia Post website. Once there, personal and banking information is at risk of being stolen.
This type of scam, known as ‘quishing’ (QR code phishing), is a new twist on the more familiar email and text scams that trick users into clicking malicious links. The difference here is that the scammer gets the user to scan a QR code, which can be easily generated and disguised as legitimate. These fake QR codes can be slapped over real ones in public places, included in emails and texts impersonating government agencies, or found on online marketplaces.
Scamwatch has reported that Australians lost over $19.3 million to this type of scam in 2024 alone, indicating a significant rise in phishing websites and scams.
Mark Gorrie, managing director for Norton APAC, warns that scammers are using every conceivable method to gain access to your information and devices. The sophistication of these scams is alarming, and it’s becoming increasingly challenging for individuals to identify them without assistance.
Here are some essential tips to help you avoid falling prey to these scams:
- Exercise caution with emails, links, and attachments from unknown sources.
- Be sceptical of offers that seem too good to be true—they usually are.
- Implement two-factor authentication to add an extra layer of security to your online accounts.
- Keep your security software up-to-date on all devices and stay informed about new malware threats.
- Never respond to unsolicited requests for personal information or passwords.
- Disregard unsolicited advice or offers of help, especially from those posing as tech support.
- Be cautious of urgent or immediate action requests—pause and think before you proceed.
- Maintain up-to-date Cyber Safety solutions software to protect against the latest online threats.
It’s not just online marketplaces that are affected by the quishing scourge. Major government organisations, such as the Australian Taxation Office (ATO) and myGov, have also been targeted by scammers using fake QR codes. Both the ATO and Services Australia, which manages Medicare, Centrelink, myGov, and Child Support, have issued warnings that they will never send SMS or emails with QR codes to log into online services.
As scams continue to evolve, it’s important to stay vigilant. Have you ever come across suspicious QR codes or other scams? Share your experiences in the comments below. Let’s help each other stay informed and protect our personal information. Knowledge is power—together, we can stay one step ahead!
Also read: A QLD scam victim tried to sue her scammer, but then things took a turn for the worse
