Quann Malaysia Warns of Rising QR Code Scams
Quann Malaysia (formerly known as e-Cop Malaysia), a leading regional managed cyber security services provider, warns that scammers have started using fake ‘quick response’ (QR) codes to steal data and money from users.
The black-and-white squares are often seen on websites, restaurants, advertisements, rental bikes and retail outlets – to enable users to quickly scan to unlock, or retrieve information related to a business.
Quann’s warning comes at the back of an expected spike in the proliferation of QR Code usage as vendors such as WeChatPay and Alipay introduce eWallets (that involves using the mobile phone for QR code scanning) into Malaysia’s online payment ecosystem to drive retail consumerism.
Ivan Wen, General Manager of Quann Malaysia says, “There’s a rising number of cases where criminals have been sticking their own codes over a business’ original one to steal the scanner’s data or access the scanner’s smartphone to tap into their bank account.”
The problem with QR codes is that it is impossible to visually differentiate an original code from a malicious code. It is important that merchants regularly check to ensure malicious codes are not pasted on their merchandise or posted on their websites.”
He shared that about RM55 million was stolen in China’s Guangdong province – where QR codes are a mobile payment norm. The scam is discovered to be common in restaurants where QR codes were fixed and not regularly changed.
In response, the People’s Bank of China have begun regulating QR code daily spending limits, as well as requiring all payment institutions to obtain a license before they can legally offer QR code payment facilities to their customers.
Scammers can replace the original QR codes on billboards and pamphlets to divert users to malicious websites where users key in their personal information. The personal information is later used to send phishing emails laden with malware which could infect the victim’s computer systems. QR codes can also be used to infect smartphones with viruses allowing criminals to steal money from the victim’s mobile wallet or ransomware where data is encrypted for a ransom.
What Malaysians can do
Although there is no visible way to differentiate between an authentic QR code and a phony one, there are some precautions you can take:
- Before scanning a QR code, observe the collateral for any signs of tampering such as a sticker placed on a printed menu or pamphlet
- Look out for pixelated images and logo as well as spelling mistakes to identify fake collaterals
- Use a secure QR code scanner that can flag malicious websites and show the actual URL before scanning the code
- Do not key in any personal information after scanning a QR code
- Be wary about scanning a code in public places, like transportation depots, bus stops or city centres even if it’s on a printed poster
“The impact of mobile malware could be devastating as the hacker can access your private information as well as your phones camera to spy on you. We advise users to be cautious when scanning QR codes.
As more mobile payment platforms look to enter the Malaysian market, it is important that users and merchants both exercise the necessary precautions to ensure both parties do not lose money or data to similar scams,” Wen added.
Quann, formerly known as e-Cop, is a cyber security services provider and has been in the cyber security business for over 15 years. Quann has evolved from being a Managed Security Service Provider serving enterprises and government agencies, to a leading regional cyber security services provider with an extensive Asian footprint. It is currently the largest service provider with more than ten ISO/IEC 27001 certified, in-country next-generation Security Operations Centers (SOCs) in Asia Pacific that help organizations detect, prevent and respond to cyber threats. Quann’s next-generation SOCs operate on its own patented technologies which provide real-time, advanced big data analytics to swiftly alert both known and unknown threats.
The company is headquartered in Singapore and has offices in Malaysia, Hong Kong, Thailand and India. It has a workforce of over 300 certified security professionals with the skills and knowledge in designing, validating and managing security solutions, as well as providing incident response and forensic services.
For more information, visit www.quannsecurity.com.