Where is the QR code actually leading you?

QR code

You may have used or seen a Quick Response code, more commonly known as a QR code. A QR code is a grided barcode that when scanned with a device’s camera, can take the user to websites, connect to Wi-Fi networks, allow the user to view and order food, download files, authenticate services or even make payments. 

QR codes are a very convenient and versatile tool that can be tailored to your need and uses. With that being said, QR codes also come with some risks. 

You have probably also heard of ‘phishing’. It is when cyber criminals trick you into giving them personal information by sending you fraudulent emails or text messages often by pretending to be from well-known organisations.  

With the rise of QR codes, the term ‘Quishing’ has been adopted to describe a form of phishing attack that uses QR codes, instead of the traditional text-based links in emails and texts. A quishing victim may inadvertently allow cyber criminals to monitor their online activities, steal personal information, distribute malware, gain access to their device and even by-pass multi-factor authentication.    

The Office of the Australian Information Commission’s Notifiable Data Breaches Report for January to June 2024 identified that during this period, human error accounted for 30% of all data breaches and 12% of all breaches were caused by phishing. This shows how human factors pose a real threat to personal information security risks and how we may unknowingly and unintentionally be contributing to the risk of data breaches.  

Individuals can take proactive steps to keep themselves informed about how to recognise scams, including quishing, to protect their privacy and personal security. A few signs to look out for when identifying a suspicious QR code can include: 

  • a different QR code being placed over the original QR code; 
  • a misaligned QR code or spelling mistakes around the signage;  
  • a file downloading after scanning a QR code (if this occurs, the file should not be installed); or 
  • a lack of detail explaining where the QR code will direct you to.  

Here are some tips and tricks to reduce the risk of a quishing attack: 

  • only scan QR codes from trusted sources (for example, avoid scanning QR codes found in car parks, stations, parks, etc) and ensure the QR code is legitimate and not unusual; 
  • check Scamwatch for advice on known scams using QR codes; 
  • check where the QR code link is taking you before clicking; 
  • avoid downloading or entering personal or financial details accessed via unfamiliar QR codes. Instead, head directly to the official website or source; 
  • regularly update your mobile device’s operating system and any apps to protect against vulnerabilities; and 

Next time you are about to scan a QR Code or click on the related link, remember to first pause and consider the above tips and tricks to ensure its legitimacy and reduce your risk of becoming a victim of a quishing attack. 

For more information or advice on detecting scams or mitigating their damage, contact our team today. 

Parental Leave for Casual Employees

For casual employees the unpredictability of their employment can be a major source of stress as often casual employees miss out on many of the entitlements that full-time and part-time employees enjoy. For many, this concern is further exacerbated when they learn that they are about to become a parent. It should therefore be of …
Read more

Purchasing an Off-the-Plan Property

The interest in “off-the-plan” properties is ever increasing and is becoming more popular for buyers. An off-the-plan purchase is one where the Buyer enters into a contract to purchase a property that has not yet been constructed. Due to the prolonged settlement period for an off-the-plan purchase it is imperative for buyers and sellers to …
Read more