Submitted by Global Scam Watch on

Qantas airline scamAirline clients have definitely been the target of many scams, particularly following the 2025 data breach which heightened exposure to phishing attempts. Fraudsters are currently spoofing airline communications, notably Qantas, via SMS and email. These criminals use urgent flight changes or unclaimed points to trick users into logging into cloned portals harvesting credit card details. This wave of phishing activity exploits the trust travellers place in major carriers, especially during peak travel planning seasons and in the aftermath of widely reported security incidents.

๐“๐ก๐ž ๐Œ๐ž๐œ๐ก๐š๐ง๐ข๐œ๐ฌ ๐Ž๐Ÿ ๐“๐ก๐ž ๐ƒ๐ž๐œ๐ž๐ฉ๐ญ๐ข๐จ๐ง

The scams typically begin with a message appearing to come from the official Qantas brand, featuring legitimate looking logos and professional layouts to create an air of authenticity. Common lures include expiring loyalty points, where messages warn 62,000 or more Frequent Flyer points will expire within days, pressuring the recipient to act before verifying the source.

Other frequent methods involve notifications claiming a flight has been cancelled or changed, often including a fraudulent phone number or link to rebook. Scammers also exploit recent news or data breaches to entice users with fraudulent cash refunds. Once a user clicks the provided link, they reach a website mirroring the genuine Qantas login page, where any information entered, including login credentials and financial data, goes directly to the scammers.

๐”๐‘๐‹ ๐’๐ฉ๐จ๐จ๐Ÿ๐ข๐ง๐  ๐š๐ง๐ ๐“๐ฒ๐ฉ๐จ๐ฌ๐ช๐ฎ๐š๐ญ๐ญ๐ข๐ง๐ 

Scammers employ deceptive URL techniques making fraudulent websites appear legitimate. Typosquatting involves registering domain names nearly identical to the official address, relying on common typing errors or visual similarities. For example, a criminal might use qantass.com or qantas-support.com instead of the authentic qantas.com. These subtle changes often go unnoticed by users acting under the pressure of an urgent notification.

Beyond simple typos, attackers use homograph attacks, substituting standard characters with similar looking characters from different alphabets. A scammer might replace a Latin a with a Cyrillic ะฐ or use a dotless ฤฑ instead of an i. On mobile devices, these characters can look identical to the genuine version. Some browsers may display an xn prefix in the address bar when encountering these encoded domains, serving as a critical warning sign.

๐๐‘ ๐‚๐จ๐๐ž ๐๐ก๐ข๐ฌ๐ก๐ข๐ง๐  - ๐๐ฎ๐ข๐ฌ๐ก๐ข๐ง๐ 

Scammers embed QR codes in phishing emails or PDFs, claiming they lead to secured documents or a portal to verify account activity. By moving the interaction from a clickable link to a QR code, criminals often bypass traditional email security filters designed to scan for malicious URLs.

When a user scans the code with a mobile device, they are frequently directed to a phishing site or prompted to download a malicious file. Because many personal smartphones lack the robust endpoint protection found on corporate computers, these attacks are particularly effective. Users should treat any unsolicited QR code with the same suspicion as a suspicious link and avoid scanning codes from unverified sources.

๐๐ซ๐จ๐ญ๐ž๐œ๐ญ๐ข๐ง๐  ๐๐ž๐ซ๐ฌ๐จ๐ง๐š๐ฅ ๐ˆ๐ง๐Ÿ๐จ๐ซ๐ฆ๐š๐ญ๐ข๐จ๐ง

Airlines generally follow strict protocols when contacting customers, and understanding these standard practices serves as a primary defence against fraud. Qantas will never ask for PIN codes, passwords, or one time verification codes via SMS or email. Airlines also do not typically charge fees to move passengers to new flights after a carrier initiated cancellation, and official communications rarely require users to copy and paste unusual web links to bypass security checks.

๐๐ฎ๐ฌ๐ข๐ง๐ž๐ฌ๐ฌ ๐€๐œ๐œ๐จ๐ฎ๐ง๐ญ๐š๐›๐ข๐ฅ๐ข๐ญ๐ฒ ๐€๐ง๐ ๐ƒ๐š๐ญ๐š ๐๐ซ๐ž๐š๐œ๐ก ๐ƒ๐ข๐ฌ๐œ๐ฅ๐จ๐ฌ๐ฎ๐ซ๐ž

Incidents like these also highlight the responsibility businesses carry when handling customer data. Timely and transparent disclosure of breaches is critical in allowing individuals to protect themselves from follow up scams. Delayed acknowledgement can significantly increase risk exposure, as seen in the recent Telus data breach where it reportedly took 7 months to publicly acknowledge the incident.

Organizations must prioritize rapid disclosure, clear communication, and proactive guidance to affected users. Failure to do so not only erodes trust but also creates an environment where scammers can exploit uncertainty and lack of awareness.

๐’๐ญ๐ž๐ฉ๐ฌ ๐…๐จ๐ซ ๐’๐š๐Ÿ๐ž๐ญ๐ฒ

Verifying the sender remains the most effective way to prevent falling victim to these schemes. Rather than clicking a link or scanning a QR code in a message, travellers should access accounts directly through the official Qantas app or by typing the website address into a browser. If a suspicious communication arrives, contacting the airline using a publicly listed number ensures the information is legitimate.

Individuals suspecting they have shared details with a scammer should contact their financial institution immediately to secure accounts. Monitoring for unusual activity and updating passwords across sensitive platforms can also mitigate potential damage.