A consumer watchdog is warning shoppers to be on high alert for scam QR codes this Christmas as criminals are increasingly using the technology to steal your data.
Everywhere you go these days, from restaurants and cafes to gyms and parking garages, you’re often asked to scan a QR code with your phone to get access to the most basic of business services.
You may find that annoying and time consuming, but by scanning the code, you’ve also just given that business permission to collect your digital data – whether you knew that or not.
QR scams on the rise
It’s probably no surprise then, that the QR code has come to the attention of cybercriminals and scammers as another way of getting your info.
US watchdog the Federal Trade Commission (FTC) has issued a stark warning for shoppers ahead of the Christmas rush.
It says criminals have been hiding malicious links inside fake QR codes and placing them on top of existing legitimate ones in stores. At the same time, there has been a marked increase in fake QR codes being sent via SMS, advertising sales and other special offers.
“A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” the FTC says.
“And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realise it.”
That time of year (for scammers)
The FTC caution comes as one of Australia’s big four banks issues its own Christmas scam warning.
Westpac research has found that transaction scams, those that involve buying and selling items or services, were up 47 per cent compared with last year. The majority of those scams were facilitated through fake websites, social media or online marketplaces.
Ben Young, Westpac head of fraud, says the highest number of transaction scams are usually reported at this time of year, in November and December.
“Scammers often target customers at this time of year when people are spending more and can sometimes be a bit more distracted,” he said.
“To put this into perspective, Westpac facilitated more than 31 million point-of-sale transactions during the recent Black Friday and Cyber Monday sales leading to a 5 per cent increase in fraud-related calls.”
Westpac found almost two in five (38 per cent) Australians had encountered a scam through fake websites, online retailers or marketplaces.
What to look out for
Mr Young says in addition to the QR code scams, many transaction scams at this time of year revolve around fake websites and fake parcel delivery messages.
Scammers entice unsuspecting shoppers with highly competitive prices through fake websites. Be wary when purchasing from brands or websites you’ve either never heard of or haven’t bought from before, especially if the advertisement was on social media.
Many criminals also prey on ‘parcel anxiety’ – where you anxiously await updates on something you’ve ordered online – and issue fake delivery updates through SMS or via email asking you to click on links.
Mr Young advises to never click on links and use provided tracking numbers to independently review a delivery status through the courier service.
“Other common scam tactics include issuing fake invoices with altered payment details and tricking you into downloading software or installing apps on your devices that allow the scammer to access personal information like emails, passwords or even your banking details.”
Have you ever encountered a suspicious QR code? Have you noticed an uptick in scam attempts recently? Let us know in the comments section below.
Also read: Banks join forces to wage war on scams
I cannot tell you how much I loath this QR code system. 2 examples recently. I needed to drive some considerable distance into a Brisbane inner suburb to take my ebike fo a service. Checked, stated was metered parking spaces in this area. Got there – you could only pay by scanning a QR code. I refused, so had to phone them. But again, they wanted all my personal details – even down to car licence number and DOB. This is so wrong. I then had to drive considerable distance to park in a hardware store car park.
2nd experience – bought an item online, said could collect at Kmart. Fronted up with the email they had sent advising me, but no, would not release parcel until I logged onto suppliers QR code.
It has got totally out of hand.