Online ServicesSecurity centre

Quick response codes

The use of Quick Response (QR) codes has become more popular in the COVID-19 environment, aiding contact tracing and business check-in efforts.

What are QR CodesTM?

QR Codes™ are like barcodes that contain information that can be read by the camera or another app on your smartphone, triggering your smartphone to perform an action, such as:

  • visiting a website
  • installing an app
  • joining a Wi-Fi network
  • adding someone’s details to your contact list
  • dialling a specified phone number
  • sending a SMS/text message or an email to a specified recipient.

Some businesses may also display QR Codes™ that direct customers to a website containing menus, or in some instances, to facilitate payments.

 

What should I be aware of when using QR CodesTM?

Although QR Codes™ are convenient and widely used, you still need to be cautious and aware of potential risks.

QR Codes™ can be used for fraudulent purposes, with malicious QR Codes™ used to distribute malware, direct you to harmful websites, or to compromise your personal information, such as your name, phone number, email address etc, which could result in your personal information being used for criminal purposes.

What to look out for:

  • while scanning a QR code, look for prompts on your smartphone indicating actions that the QR code will perform.
  • be ready to cancel or terminate an unwanted action triggered by scanning the QR code (e.g., close your web browser if you are directed to an unknown website, or hang up if an unexpected phone call is initiated).
  • provide only the minimum amount of personal contact information required, such as your name and either your email address or phone number.
  • before scanning, ensure the QR code has not been tampered with in any way.
  • ask the business for their privacy policy detailing how your personal contact information will be collected, stored, used, and deleted.

Be extra cautious if using a QR code to make a payment. If you are unsure of the website, do not enter your personal information or account/credit card details. Use secure payment options, such as PayPal, if offered, to give you an extra level of protection.

 

Further information

The Australian Cyber Security Centre has step-by-step guides to turning on automatic updates for smartphone operating systems, and turning on multi-factor authentication, which can help to mitigate the harm caused by scanning a malicious QR code.