A small European cafe chain has highlighted a major concerning aspect of the cashless revolution that has made its way to Australia. QR codes are ubiquitous across the world, and people rarely hesitate to scan them with their smartphones to pay their bills, order food from a pub, or get into a venue.
But John Pane, Electronic Frontiers Australia chair, told Yahoo Finance that you need to make sure what you are scanning is legitimate as hackers have been using a scam called quishing to steal your most personal information. He said it doesn’t take much for them to get what they need to drain your accounts or make you a victim of identity fraud.
“QR codes allow bad actors to leverage and infect devices with malware,” he said. “They can steal personal information or conduct [quishing] scams… where the QR code redirects you to a malicious site or infects your device with malware to extract the personal data.”
RELATED
This was laid bare in a video posted by the Cookie Beacon restaurant, which can be found in Hungary and Romania.
They posted a light-hearted clip showing someone sticking a piece of paper to a lamp post in a popular area, which said: “Alex, you cheated on me. I’m leaving photos for everyone to see what you did.”
The note had a large QR code attached to it and it wasn’t long before passersby noticed it.
Many didn’t even think twice before pointing their phones at the paper and scanning the code.
Do you have a story? Email stew.perrie@yahooinc.com
But they would have walked away mildly disappointed because the QR code took them to the Instagram account of Cookie Beacon.
It was all a guerrilla marketing tactic that was aimed at bringing a few people into the cafe.
Some called it a “clever” way of advertising but while the whole thing was fairly innocent, it highlighted how people will mindlessly scan something in public that could have been set up as a trap by sinister individuals.
Many people agreed that you should never point your phone at a code unless you absolutely know what it is.
“Cyber Security… Do not open random QR Codes,” said one person.
“People need to learn to NOT scan random QR Codes on the street,” another added.
“No one thought it could be a phishing/dangerous link?” added a third.
What is quishing and is it here in Australia?
Pane explained to Yahoo Finance that while QR code scanning has become an “accepted behaviour” for many, “people don’t understand the risks” of what can be lurking in public.
The trendy clusters of pixels have been around for years but spread like wildfire during the pandemic. They’re now everywhere, from pubs and restaurant menus to museum exhibitions. They can also count as your airline or live music event ticket.
While many of us have been trained in recent years not to click on a suspicious link, the knowledge about the dangers of random QR codes is still catching up.
“It’s very easy to just scan a QR code and then click on the link that’s generated in that code without really questioning [it],” Damien Manuel, adjunct professor of cyber security at Deakin University, said.
“We’re all being trained to look at a link now and go: is there a misspelling that makes it look like it’s not legit? But if I send it to you as a QR code, you’re probably not likely to spot it.
“[Scanning a code] may show you an abbreviated version of the link [on your device’s screen] and you’re more likely to, just out of habit, click on it and go straight through.”
Scammers have already tried to impersonate Services Australia and Medicare with fake QR codes to steal personal information.
Scamwatch said there have been dozens of reports of quishing in Australia since 2020 and more than $100,000 has been lost so far.
Make sure the QR code you scan is legitimate
Quishing has also been seen in other major countries and victims have been scammed in other ways than personal information being taken.
In one example, people in the UK accidentally signed themselves up for a $77-a-month subscription after scanning a QR code they saw in public.
Another viral QR code video showed a parking meter in the UK that had been highjacked by a scammer who had posted their own code over a legitimate one.
In the clip, a person about to pay for their parking noticed the illegitimate sticker and peeled it off.
It was another major reminder to double-check what you’re scanning.
QR codes could soon become even more popular
Chemist Warehouse recently announced it would add QR codes at the checkout to give consumers a new way to pay instead of cash or card.
While the move won’t save shoppers any money, it will help the discount pharmacy avoid upwards of $15 million a year in surcharges to provide digital payments.
It’s part of a new movement called Pay by Bank, which is essentially just like a bank transfer.
While it might not sound groundbreaking, it helps merchants and customers cut out the middle players like card providers and banks to keep costs low.
Dipra Ray recently launched a QR code payment system in Australia called Pyng.
He’s hoping businesses and Aussies across the country sign up for the app over the coming months and the payment system could be completely revolutionised.
“If we look at India, Southeast Asia and Brazil… there are lots of countries in the world where this has been emulated,” Ray explained to Yahoo Finance.
“It makes absolutely no sense when you use your own money to pay that you suddenly lose 1.5 per cent [in surcharging]. It’s, frankly speaking, quite ridiculous.”
Get the latest Yahoo Finance news – follow us on Facebook, LinkedIn and Instagram.
