With the rise of different online scams, the Australian Taxation Office (ATO) and Services Australia are urging everyone to be vigilant against a new wave of cyber threats that could compromise their personal information.
They specifically warn people about scanning QR codes. These are the square-shaped barcodes that often store information that can be read by digital devices like smartphone cameras.
The new scam, known as ‘quishing’—a mix of the words ‘QR code’ and ‘phishing’—is a clever twist on the more familiar email and text phishing scams. Instead of luring you with malicious links, quishing scams entice you to scan a QR code, which then directs you to fraudulent websites designed to steal sensitive data.
The ATO has been at the forefront of combating these scams, with a spokesperson highlighting the ongoing battle against ATO impersonation attempts.
‘Whilst the ATO may use text message or email to ask taxpayers to contact us, we will never send you a text message or email with a link or a QR code to log in to online services,’ the spokesperson told Yahoo Finance.
Services Australia, responsible for delivering essential services like Medicare, Centrelink, myGov, and Child Support, also gave a warning on scammers using QR codes in emails pretending to be from the government.
Hank Jongen of Services Australia stated, ‘We will never ask you to scan or copy a QR code to sign in to your myGov account. We would not send you a link, attachment or QR code in a text message or email.’
The consequences of falling for a quishing scam could be severe. Once scammers gain access to your myGov account, they could potentially make fraudulent claims for government payments or redirect legitimate payments to their own bank accounts.
The Australian Signals Directorate (ASD) reported responding to 30 quishing-related incidents aimed at Australian organisations in the 2023-24 period, dubbing it the ‘unseen threat’ in QR code technology.
John Pane, chair of Electronic Frontiers Australia, also gave a warning on the widespread acceptance of QR code scanning, saying it ‘allow[s] bad actors to leverage and infect devices with malware.’
He advises against using QR codes, especially in public places like restaurants and cafes, where your data could be harvested by unknown parties and potentially marketed, sold, or inadequately secured.
To protect yourself and your personal data, Services Australia advises only trusting information from their genuine websites (servicesaustralia.gov.au and my.gov.au) and official social media accounts.
They also provide a Scams and Identity Theft Helpdesk (1800 941 126) for those who suspect they have scanned a fraudulent QR code.
Similarly, the ATO encourages individuals to verify the legitimacy of any ATO-related communication by calling 1800 008 540. They also recommend forwarding suspicious emails or text messages to [email protected] before deleting them.
The key takeaway is to avoid clicking on links, scanning QR codes, opening attachments, or downloading files from unverified sources.
As you navigate the digital landscape, it’s crucial to stay informed and cautious. By exercising a healthy dose of scepticism and following the guidance of ATO and Services Australia, you could help safeguard your personal data against these insidious scams.
Have you encountered a quishing scam or have concerns about QR code security? Share your experiences and thoughts in the comments below. Your insights could help others in our community stay safe online.
Also read: A QLD scam victim tried to sue her scammer, but then things took a turn for the worse
