Promotional codes

“Be careful when using QR codes”

PETALING JAYA: Quick Response (QR) codes are great for saving time and are sometimes the best way to share information. However, cybersecurity experts have warned users to be on high alert when the link prompts them to install unauthorized apps on their cellphones or enter personal data.

Fong Choong Fook, president and cybersecurity consultant at cybersecurity firm LGMS Bhd, said the public should be careful when scanning a QR code in public places.

Whether outside a restaurant, building or ATM, these codes can be replaced by hackers.

“If the QR code shows you a menu or a website, it can usually be trusted. It’s fine as long as you don’t enter any personal details like ID card numbers, home addresses, passwords or install any apps from unauthorized links.

“Hackers and scammers can replace the QR code with a fake one. Our company conducted security tests in a bank where we placed fake sweepstakes promo codes in front of an ATM and successfully tricked people into scanning the code. Our tests showed that the majority of ATM users gave out their usernames and passwords.

He said it showed the bank the dangers of having QR codes in ATMs and justified their removal.

eSecurity and Privacy Channel and Cybersecurity Malaysia Assoc Founder Prof Datuk Dr Husin Jazri said that as long as the QR code is professionally designed and unique, it can represent the right attributes and serve its purpose.

“It must be properly tested before being put into service so that the link (directs) correctly to the intended destination. Scammers or hackers can hijack a QR code indirectly by swapping the original with a new one that redirects the link elsewhere.

“Users should always check if the QR code takes them to the correct destination before confirming or accepting QR code transactions,” he said. the sun.

He added that it is the same as the “phishing technique” which is used by hackers or scammers to trick the target into believing that they are going to the right destination.

Agreeing with Husin, criminologist Shankar Durairaja said cybercriminals can exploit this technology through physical and digital QR codes.

“Cybercriminals can direct users to malicious sites to steal their data, embedding malware to gain access to a victim’s device and redirect payments.

“Usually, scanning the fake QR code would lead victims to malicious sites designed to obtain a victim’s bank details, credit card information or other personal data.”

However, Shankar said cybercriminals cannot directly access data through QR codes.

“These criminals can only access the data when users enter it on the fake websites linked to the malicious QR code.”