Source: Radio New Zealand
A QR code. 123RF
QR scams are on the rise, according to a global cybersecurity company.
Known as ‘quishing’, a QR code’s landing website is swapped out for another, where some sort of payment is sought. The scammers’ aim is to get credit card details entered.
Cybersecurity company ESET says these scams were nearly non-existent a year ago, but now make up one in 10 scams.
New Zealand manager Scott Leman says the stakes are high with QR codes, because they bypass traditional IT security.
“People might receive an email that has a QR code in it, or they might be seeing it out in the world somewhere, and they’re taking their mobile phones, they’re scanning that QR code, clicking on the link that it refers to, but it’s actually not going to the legitimate website and sending them through to somewhere that has been created by the scammer,” he told Nine to Noon on Monday.
“That’s then asking them to either log in to their Google account or their Microsoft account or perhaps enter some credit card details to make a payment. And that’s where they’re then losing their login details and credentials or losing their credit card information.”
He said to be wary of emails from people they did not recognise, or if they did not have any anti-virus software installed on their device.
“It could be an email that’s pretending to be from New Zealand Post, for example, and saying, ‘Hey, you have a package that’s on hold from Customs – scan this QR code to make payment to get it released, and please do it as quickly as possible to prevent any delays.’
“You then get your phone out, you scan that link, it goes through to a bad website, and then you then lose your credit card details.”
In March, quishing made up about 4 percent of cyber scams – rising past 9 percent in April, a “significant increase when a year ago we weren’t seeing any of these types of attacks at all”.
“QR codes are becoming effective because they have just become so much more mainstream… People are seeing QR codes appearing in places like parking meters and even churches to make donations and all sorts of things. So it’s becoming just a more commonplace in culture.”
Dodgy QR codes could also put malware on your device, Leman said.
“I think probably one of the bigger risks as well is not necessarily even putting in your credit card information, but if it then prompts you to log into your Google account, your Gmail account [or] Microsoft 365 login and password field, and then you then go and put in your business’ Microsoft credentials into that.
“And that’s where hackers or bad actors can then go in and potentially breach a business using those credentials. And so, yeah, there’s risk across the board.”
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
– Published by EveningReport.nz and AsiaPacificReport.nz, see: MIL OSI in partnership with Radio New Zealand
Original source: https://nz.mil-osi.com/2026/05/18/qr-codes-scammers-favourite-new-way-to-take-your-money/