Story image

Malaysians urged to use caution when scanning QR codes

01 Feb 2018

As QR code readers are becoming popular in Malaysia through the likes of WeChatPay and Alipay eWallets, Quann Malaysia is warning that scammers have quickly caught up.

The company says that scammers have now started using fake quick response (QR) codes to steal both data and money from people.

QR codes are used across the web and in restaurants, advertisements, retail outlets and other locations to provide information about a business.

They are also being used in Malaysia’s online payment ecosystem for retail consumers, however Quann Malaysia general manager Ivan Wen says that attackers are quickly using QR codes for their own purposes.

“There’s a rising number of cases where criminals have been sticking their own codes over a business’ original one to steal the scanner’s data or access the scanner’s smartphone to tap into their bank account.”

Because it is often difficult to tell original and malicious QR codes apart, Wen warns that businesses should check to make sure malicious codes are not on their websites or merchandise.

Wen says that QR codes are a normal method of mobile payment in China’s Guangdong province, however one case involved the theft of approximately RM55 million through restaurant scams.

The People’s Bank of China has since started regulating QR code daily spending limits and it requires all payment vendors to gain a licence before offering QR payment facilities to customers.

“As more mobile payment platforms look to enter the Malaysian market, it is important that users and merchants both exercise the necessary precautions to ensure both parties do not lose money or data to similar scams,” Wen adds. 

In restaurants, QR codes are not regularly changed, allowing attackers to take control. Those codes can also be used to infect mobile devices with viruses that can allow criminals to steal money from a mobile wallet, or can infect the device with ransomware.

Scammers can also replace genuine QR codes with malicious ones that direct victims to malicious websites. If users enter personal information, it can be used as part of phishing emails laden with malware.

“The impact of mobile malware could be devastating as the hacker can access your private information as well as your phones camera to spy on you. We advise users to be cautious when scanning QR codes,” Wen says.

Although there is often no way to tell between a genuine and fake QR code, Quann offers the following tips:

· Before scanning a QR code, observe the collateral for any signs of tampering such as a sticker placed on a printed menu or pamphlet

· Look out for pixelated images and logo as well as spelling mistakes to identify fake collaterals 

· Use a secure QR code scanner that can flag malicious websites and show the actual URL before scanning the code 

· Do not key in any personal information after scanning a QR code 

· Be wary about scanning a code in public places, like transportation depots, bus stops or city centres even if it’s on a printed poster.

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.
Expert offers password tips to aid a stress-free sleep
For many cybersecurity professionals, the worries of the day often crawl into night-time routines - LogMeIn says better password practices can help.
SolarWinds extends database anomaly detection
As organisations continue their transition from purely on-premises operations into both private and public cloud infrastructures, adapting their IT monitoring and management capabilities can pose a significant challenge.
Adura launches new SOC and MSP in Singapore
The new SOC focuses on the needs of businesses to gain insight into their organization’s security posture and increase their ability to react promptly.