Private Investigator, Evan Frangos gives dire warning on new QR code scam fleecing thousands of dollars from people

A leading South Australian scam expert is warning people not to use physical QR codes due to an increasing number of people falling victim to fakes.

Luke Williams

2 min read

January 12, 2025 - 4:30AM

Private Investigator, Evan Frangos said that people are losing thousands of dollars through an increasing number of QR code scams. Picture: Roy VanDerVegt

SA News

Don't miss out on the headlines from SA News. Followed categories will be added to My News.

A leading South Australian scam expert is warning people not to use physical QR codes in shops and restaurants because of an increasing number of phishing scams across the state.

Quishing – a form of phishing that uses QR codes instead of text-based links in emails, digital platforms or on physical items – is becoming “the next big thing” for scammers, according to Australian Anti Scam Alliance special agent director Evan Frangos.

Mr Frangos, who also owns South Australian Private Detectives (SAPD), said scammers linked to international crime groups were printing and overlying counterfeit QR codes at restaurants, retail stores, service stations and on posters to steal personal information from people’s phones.

“As soon as you take the image of the QR code, malware is downloaded onto your phone and in an instant, all your passwords and all your details are stolen,” he said.

“If this includes all your banking, your money can be gone in an instant.”

Restaurants, cafes and even retail stores are relying more and more on QR codes.

In other cases, scanning the QR code scan can prompt users to provide further information, such as credit card details.

Mr Frangos said the other new scam being used by crime gangs involved people being sent a gift such as jewellery or a toaster in the mail, with a prompt to complete a “customer survey” by scanning the QR code.

“What happens is that people get used to the old scams, but it’s the new scams that catch people out,” he said.

Mr Frangos urges people to either check to see if a fake QR code has been overlaid or simply not use QR codes at all when out at restaurants or shops.

In its latest annual cyber threat report, the federal government’s Australian Signals Directorate (ASD) described quishing as “the unseen threat in QR code technology”.

“In FY2023–24, ASD responded to 30 quishing-related incidents targeting Australians organisations, demonstrating that social engineering has taken on a new form,” the report said.

Federal government agencies have also warned people they would never send emails containing QR codes, following reports of phishing emails purporting to be from the Australian Taxation Office or Services Australia.

Once scanned, the QR code attempts to direct recipients to malicious websites via phishing emails.

Abigail Bradshaw Head of the Australian Signals Directorate at Parliament House in Canberra. Picture: NCA NewsWire / Martin Ollman

On its website, Services Australia says scammers may send emails with a link that takes people to a fake myGov website.

Scanning the code takes users to a fake myGov site designed to steal personal details.

Late last year, the ATO reported it had also seen phishing emails containing QR codes leading to malicious sites purporting to come from its officials.

In a statement, an ACCC spokesman said the National Anti-Scam Centre was aware of QR codes being used by scammers as a type of phishing scam.

The spokesman said consumers should “not download any application from a QR code. Keep your phone and computer updated with anti-virus software”.

“If you have lost money, contact your bank or financial institution immediately,” it said.

If anyone suspects they are a victim of quishing, they are encouraged to call the 24-hour Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371) or submit a report through its website.