Council has recently received reports of quishing attempts on the Northern Beaches. Quishing is a scam where fraudulent QR codes are used by scammers and cybercriminals to trick you into providing personal information, making a payment or downloading malicious software onto your device.
What does quishing look like?
Scammers can use fraudulent QR codes in many different ways:
- on posters, flyers, signs, emails or stickers placed in public places
- placed over legitimate QR codes
- sent via text, email or on social media.
The fraudulent QR codes can hide malicious links that looks safe. When you scan them with your phone, these QR codes can take you to a fake website pretending to be one that you’re familiar with, steal information, ask you for a payment or install malware on your device.
How to be scam aware
- Think before you click and check Scamwatch for advice on known scams using QR codes
- Always look for the most trusted way to pay for something. QR codes may not be the best option
- Don’t download apps and files using QR codes. Download them from a trusted app store or reputable website
- Encourage your friends, family, employees and colleagues to check if emails with QR codes are legitimate. Don’t reply – call the sender and ask them
- Keep your personal and business devices updated with the latest version of software and download security updates as soon as they are released
- Learn how to spot a scam and detect socially engineered messages
- Educate your family, friends and colleagues about the cybersecurity-related risks associated with using QR codes
- For businesses, see if your email policies and system can prevent employees interacting with QR codes contained in emails.
The Australian Cyber Security Centre has more good advice for individuals and businesses regarding quishing and a wide range of cyber security threats.
If you've been targeted or think you may have scanned a suspicious QR code, you can report it to the Australian Cyber Security Centre using the ReportCyber website.