Don't click that link: new wave of Qantas phishing scams targets unused points

The latest scam text messages being sent to unsuspecting victims promise luxury prizes - including iPhones, Dyson appliances and Coles vouchers - and warn that rewards points are about to expire.

The National Anti-Scam Centre says Telstra, Qantas and Coles are now the three most targeted loyalty programs.

One message reads: "Qantas: Your 12,846 Rewards points will expire at 03 February 2026.GO get your gift before they're gone!"

Victims are instructed to reply "Y" to activate the link or copy it directly into their browser - a tactic designed to bypass phone security systems and harvest personal details.

A Qantas spokesperson said the airline was aware of the scam and had reported it to authorities.

"These messages often direct people to websites that closely resemble our official login pages," the spokesperson said.

According to fraud prevention firm Accertify, improved detection has cut overall airline fraud by about 30 per cent since early 2025.

However, criminals are now shifting to personalised attacks aimed at individual travellers, particularly in Australia and the Asia-Pacific.

A report by professional services firm EY, released in December 2025, found loyalty points have become a "prime target", treated by criminal networks as a form of "shadow currency" that can be converted into gift cards or flights and resold online.

Because many travellers check their loyalty accounts infrequently, scammers can drain points undetected for weeks or even months, exploiting security gaps across airline partner networks, the report found.

The National Anti-Scam Centre says phishing - where criminals impersonate trusted organisations to steal personal information - is becoming increasingly common.

"Criminals exploit well-known and trusted brands to deceive people into handing over bank details, passwords and credit card information," a spokesperson said.

Read more on Explore:

The centre urged Australians to "stop and check" before responding to unexpected messages.

"Never provide personal or financial information through links or unsolicited calls," a spokesperson said. "Always verify contact using official details you find yourself."

In 2025, phishing scams were the second most reported scam type in Australia after investment fraud, according to the centre.

Australians lost $31.1 million to phishing scams in 2025, with more than 65,000 cases reported and average losses of around $2000 per person.