Spotlight: Beat the scammers

Staying vigilant in the wake of rising QR code scams can prevent one from falling victim. IZWAN ISMAIL and FAISAL ASYRAF talk to industry experts.
Staying vigilant in the wake of rising QR code scams can prevent one from falling victim. IZWAN ISMAIL and FAISAL ASYRAF talk to industry experts.

THE rise of Quick Response (QR) code scams is putting e-payment security in the spotlight.

By replacing legitimate merchants’ codes with malevolent copies, fraudsters can gain access to consumers’ data and even raid their bank accounts. This has sparked calls for authorities to do more to protect consumers.

According to Abang Caspian Abang Thairani, founder and chief executive officer of Caspian Technology, which develops mobile applications, the onus is on vendors and consumers to beat the scammers.

KUALA LUMPUR 03 FEBRUARI 2018. CEO and Founder of Caspian Technology, Abang Caspian Abang Thuraini. NSTP/EMAIL

He says on the part of vendors, they need to check their QR codes regularly.

“This is because QR codes are placed in accessible locations for customers to scan.

“This will enable scammers to print out a QR code and replace it without vendors knowing about it.”

He says this is especially true if the QR code is meant for payment.

“Phishers can print and replace QR codes to redirect to their website and demand payment information.”

For anything that requires financial transaction, Abang Caspian says there should be a two-way validation system.

“This will strengthen the security of the payment process, hence making it hard for scammers to steal.”

He says it is vital for consumers to keep their financial and personal information safe.

“The rule of thumb is to never give your financial or personal information to people whom you are not sure of or doubtful email messages.

“Phishers use this information to send emails or SMSes to get more details about you.”

Abang Caspian advises the public to be wary of public QR codes.

It does not take much imagination to see how dangerous a QR code can be when displayed in public places, such as at train stations, airports, malls and shops.

Most people implicitly trust advertisements, and would never imagine a QR code scam happening to them.

“When a user takes a photo of a QR code, the link it stores is first displayed on the device’s screen.

“Cybercriminals use URL shortening services (such as bit.ly) to disguise the ultimate address stored in the QR code that may lead to a page with malware that steals the user’s credentials, or to a phishing site.”

Abang Caspian advises consumers to use reputable QR code scanners.

“You would never know if your QR code is bogus.”

According to Kaspersky Lab Southeast Asia general manager Sylvia Ng, QR code scams occur because not many people will suspect that someone can replace a code on an official advertisement displayed in a bank, on public transport, in a museum or other institution, or to scan for payment.

“Still, there have been many cases of malicious QR codes being neatly placed over legitimate ones. You have to be suspicious when scanning a code.

“What if the legitimate code has been replaced with a malicious one?

“Checking the links you are taken to may not sound fun and probably eliminates the convenience of the QRs to begin with.”

Ng says users can avoid becoming victims to QRishing (QR code-initiated phishing attacks) by following three simple steps:

ALWAYS be careful and attentive. Before scanning a QR code, make sure that it is not covering another code. If in doubt, do not scan the code.

IF after scanning the QR code, it opens up the app store or a website, make sure that the code has taken you to the place you wanted to go.

Check the links, publisher and details. Do not blindly install any application. Check the requested permission details.

If you are about to make a payment, make sure the QR code is generated by the company whose code and info you saw.

Where possible, set a limit per tran-saction.

IF you are using an Android device, install a trusted security solution that check sites for malicious content and downloaded software for malware. Android smart devices are highly targeted by malware writers.

Ng says Kaspersky has developed a QR Scanner app that checks every code it scanned.

“The app gives you quick, easy and safe access to websites, images and text.

“It lets you connect safely to WiFi and saves contact details from business cards in seconds without manual input.”

The app can be downloaded for free from the App Store and Google Play store.

Two friends who misused a social messaging application by providing prostitution service around Klang Valley landed them a 14-year-jail sentence by the Sessions Court today. FILE PIC

‘No report of QR code scams’

THE Quick Response (QR) codes scam might be on the rise, but Malaysia is still unaffected.

When contacted, Federal Commercial Crimes Investigation Department deputy director (cyber crimes investigation/multimedia) Senior Assistant Commissioner Ahmad Noordin Ismail said there were no reported cases of such scams so far.

The scams came to light following news reports of such incidents in China.

In Guangdong province, about 90 million yuan (about RM56 million) has reportedly been stolen via these QR code scams.

In another incident in Foshan, policemen arrested a man on suspicion of pocketing 900,000 yuan through QR code frauds.

KUALA LUMPUR 31 OKTOBER 2017. Hanya scan bar kod bagi selesai pembayaran. gambar internet

Barcode has data

QR is short for “Quick Response.” A QR code is a barcode that contains data that can be read by a phone’s camera. These codes, once scanned by your phone, can provide you with a URL, contact information, SMS or other links to information on your phone.

Unlike other barcodes that have to be sent to a database to retrieve information, QR codes are self-contained, hence, the “Quick Response”.

Most smartphones have a tool that allows them to download a QR code reader. Once you download a reader, the phone’s camera acts like a scanner, allowing it to “read” the barcode.

KUALA LUMPUR 03 FEBRUARI 2018. QR code. NSTP/EMAIL

What you need

TO scan a Quick Response (QR) code, you need:

A phone or other mobile device with a camera and Internet access.

A QR code reader app installed on your device. Some phones come with one pre-installed. If not:

For smartphones — search for “qr” in your phone’s application store (App Store, Google Play store, Blacberry World app, etc.)

Other phones — text a picture of a QR code to 43588 or email it to scan@scanlife.com. You will get a reply with the URL.

Source: NST

Share:

More Posts

Low-Code Platforms for Everybody

Introduction A low-code development platform provides a development environment used to create application software through a graphical user interface. A low-coded platform may produce entirely

Microservices

Introduction Microservice architecture is an architectural pattern that arranges an application as a collection of loosely-coupled, fine-grained services, communicating through lightweight protocols. The Microservice architecture

Guidance from Abang Caspian towards the participants

Mixed Reality Workshop

Introduction What is all the hype with Augmented Reality, Virtual Reality and the MetaVerse all about? Get the latest glimpse of how these technology works

Understanding 5G

Introduction In telecommunications, 5G is the fifth-generation technology standard for broadband cellular networks, which cellular phone companies began deploying worldwide in 2019, and is the

Send Us A Message