Stickers with QR codes that link users to non-COVID-related websites have been placed over some legitimate QR code check-ins in the ACT.
Region Media has seen some of the QR codes placed on Check In CBR but has chosen not to release information about their location or the website they link to.
In previous months, the practice has been identified in cities around Australia and has taken users to anti-vaccination websites.
South Australian police arrested and charged a man with obstructing operations related to COVID-19 under the state’s Emergency Management Act in April, while a Queensland woman faced charges of common nuisances last month for putting up fake QR codes that took users to an anti-vaccination website.
ACT Health said it has not received any reports of fake QR codes being placed over Check In CBR posters.
A spokesperson said the check-in system in the ACT is conducted through an app, rather than a QR code that takes the user to a website, to prevent fake QR codes from being scanned.
“As a security feature, when users open the Check In CBR app and then scan the QR code by selecting ‘ Check-in now’, the app validates the QR code is a legitimate Check In CBR QR code – if it is not legitimate, the check-in does not work, and the user is not taken to another site,” the spokesperson said.
“Users are encouraged not to open their device camera to scan the code outside of the app.
“The Check In CBR app is updated regularly to improve its functionality and we ask that Canberrans update the version of the app on their device regularly.”
But there are some concerns that the hijacked codes could diminish public trust in the check-in system, which is used to rapidly track close contacts and exposure locations of positive COVID-19 cases.
ACT Health had recently worked to restore confidence in the app after at least one business complained that data from the app was being used outside of contact tracing purposes. The number of check-ins at some businesses were being used against predicted traffic to see whether patrons were using the app correctly and complying with their obligations.
Businesses with lower check-ins than average customers were sent a letter reminding them of their obligations. ACT Health Minister Rachel Stephen-Smith said the practice did not breach the app’s privacy protocols as no personal data was being shared, and all personal information was routinely deleted.
The Check In CBR app is now mandatory at most locations across Canberra, including on public transport, rideshare and retail shops.
Daily use of the app has more than tripled since the expanded requirements came into effect, jumping from around 112,000 check-ins a day to more than 307,000 last week.
For information about Check In CBR, including how to download the app, visit COVID-19. If you come across a fake QR code at a Check in CBR location, contact Access Canberra or call ACT Health on 6207 7244.