The Times Australia
The Times News

.

COVID-19 data collection – how to stay safe and avoid scams

  • Written by Aaron Bugal, Global Solutions Engineer at Sophos

Scammers will take advantage of any situation they can to obtain personal information and, often, financial reward. The COVID-19 situation is no different. According to the Australian Government’s Scamwatch, more than 6,100 COVID-19-related scams have been reported since the outbreak of COVID-19, resulting in people being scammed out of more than $8.4 million.

Now a new vector for COVID-19-related scams has arisen – QR codes. (QR stands for quick response, in case you were wondering.) Across Australia, bricks and mortar businesses are now required to have QR code check in to make it easier for contact tracing in the event of an outbreak. And those QR codes are easily spoofed, often by simply sticking another, fraudulent QR code over the top. How can business owners and consumers protect themselves against this new scam?

QR codes – the wild west

When the pandemic hit, and businesses were asked to have people check in, it gave rise to any number of data brokers offering check-in services to businesses. These all had their own privacy policies (which few people ever take the time to read, generally because they’re long and impossible to understand) and often asked people to check a small box if they didn’t want to receive marketing materials. Of course, a lot of people would miss this box.

Businesses using these data brokers all had the same obligations under various pieces of privacy legislation: they had to ensure the personally identifiable information was stored in an approved manner, that people could opt into marketing campaigns associated with their PII, and that the information was destroyed after a certain period.

It quickly became apparent that this situation was not ideal on two levels. First, there was no overarching rules about the data brokers. While they were bound by legislation associated with collecting PII, there was no guarantee that it was not going overseas. It was also vulnerable to being hacked and sold on the dark web.

The second issue was that without a centralised data collection process, it was difficult for contact tracers to get the information they needed if there was an outbreak.

Most Australian state governments saw the light towards the end of 2020, and this wild west situation came to an end. NSW, for example, mandated all check-ins had to be made through its Service NSW app, easing the situation for contact tracers and giving consumers better privacy protection as their data wasn’t being collected by brokers.

Government tracing opens the door for scammers

Putting a QR code at the entrance of every business seems like a great idea – and it is, until it isn’t. Why? Because it’s relatively easy for a scammer to simply paste over the QR code with their own fraudulent code.


A business owner might not immediately notice that their code was replaced by something else and, for consumers, it’s nearly impossible to know, simply by looking at the code that things are not as they seem.

That’s because QR codes, like their less intelligent barcode brethren, aren’t readable by humans. To us, all QR codes look the same.

Scanning a scam QR code could take you to a portal that looks like the real thing. As with phishing emails (emails designed to look like they come from a legitimate sender in a bid to extract personal and financial information), a scam QR code portal could have logos and other information that look legitimate.

Spotting these scams is a little harder. Business owners and consumers need to be aware that a government sign-in, like the Service NSW app, will always keep them within the app itself. It won’t divert to a web page, even if that web page looks legitimate.

But what if you don’t have an official government app in your state? Then the QR code will take you to a web page. So, you need to know how to spot a scam check in website.

If it asks you for credit card information, it’s a scam. Check the URL that loaded – make sure it doesn’t have lots of unusual characters and numbers in the address bar.

Business owners can protect against these scams by regularly checking their signage for tampering, while the best protection for consumers is to use the official government app for their state or territory.

As COVID-19 precautions become increasingly normalised into our business and personal lives, business owners should now have transitioned onto government apps, and consumers should be using them too. With a few simple precautions, businesspeople and customers can protect themselves against QR code scams – keeping their personal and financial information safe.

Times Magazine

Headless CMS in Digital Twins and 3D Product Experiences

Image by freepik As the metaverse becomes more advanced and accessible, it's clear that multiple sectors will use digital twins and 3D product experiences to visualize, connect, and streamline efforts better. A digital twin is a virtual replica of ...

The Decline of Hyper-Casual: How Mid-Core Mobile Games Took Over in 2025

In recent years, the mobile gaming landscape has undergone a significant transformation, with mid-core mobile games emerging as the dominant force in app stores by 2025. This shift is underpinned by changing user habits and evolving monetization tr...

Understanding ITIL 4 and PRINCE2 Project Management Synergy

Key Highlights ITIL 4 focuses on IT service management, emphasising continual improvement and value creation through modern digital transformation approaches. PRINCE2 project management supports systematic planning and execution of projects wit...

What AI Adoption Means for the Future of Workplace Risk Management

Image by freepik As industrial operations become more complex and fast-paced, the risks faced by workers and employers alike continue to grow. Traditional safety models—reliant on manual oversight, reactive investigations, and standardised checklist...

From Beach Bops to Alpine Anthems: Your Sonos Survival Guide for a Long Weekend Escape

Alright, fellow adventurers and relaxation enthusiasts! So, you've packed your bags, charged your devices, and mentally prepared for that glorious King's Birthday long weekend. But hold on, are you really ready? Because a true long weekend warrior kn...

Effective Commercial Pest Control Solutions for a Safer Workplace

Keeping a workplace clean, safe, and free from pests is essential for maintaining productivity, protecting employee health, and upholding a company's reputation. Pests pose health risks, can cause structural damage, and can lead to serious legal an...

The Times Features

The Role of Your GP in Creating a Chronic Disease Management Plan That Works

Living with a long-term condition, whether that is diabetes, asthma, arthritis or heart disease, means making hundreds of small decisions every day. You plan your diet against m...

Troubleshooting Flickering Lights: A Comprehensive Guide for Homeowners

Image by rawpixel.com on Freepik Effectively addressing flickering lights in your home is more than just a matter of convenience; it's a pivotal aspect of both home safety and en...

My shins hurt after running. Could it be shin splints?

If you’ve started running for the first time, started again after a break, or your workout is more intense, you might have felt it. A dull, nagging ache down your shins after...

Metal Roof Replacement Cost Per Square Metre in 2025: A Comprehensive Guide for Australian Homeowners

In recent years, the trend of installing metal roofs has surged across Australia. With their reputation for being both robust and visually appealing, it's easy to understand thei...

Why You’re Always Adjusting Your Bra — and What to Do Instead

Image by freepik It starts with a gentle tug, then a subtle shift, and before you know it, you're adjusting your bra again — in the middle of work, at dinner, even on the couch. I...

How to Tell If Your Eyes Are Working Harder Than They Should Be

Image by freepik Most of us take our vision for granted—until it starts to let us down. Whether it's squinting at your phone, rubbing your eyes at the end of the day, or feeling ...