Online users reminded to beware of scam QR codes, suspicious links

Online users reminded to beware of scam QR codes, suspicious links

Even a single careless click could lure users into sophisticated scams, including deepfake video fraud and voice phishing, experts warn.

generic qr code
Always be careful when you come across unknown QR codes, such as the one above. (Envato Elements pic)
KUALA LUMPUR:
The careless scanning of QR codes or clicking on unverified links can expose users to personal data leaks, experts warn, noting that cybercriminals are increasingly using fake codes with shortened URLs to deceive victims.

This tactic, known as QR phishing or “quishing”, directs users to fraudulent websites or malicious applications designed to steal sensitive information such as usernames, passwords and credit card details, often by impersonating trusted entities.

Shafiza Mohd Shariff, deputy dean of academics and technology at the Malaysian Institute of Information Technology, said even a single click done thoughtlessly could lure users into sophisticated scams, including deepfake video fraud and voice phishing.

“Fake links and fraudulent QR codes allow scammers to steal personal data, including banking information. They could also install malicious software (malware) that give them full control over a device.

“Many users are tricked by fake banking websites that use domain names and appearances that closely resemble the genuine ones. Victims believe the site is legitimate, but their personal information is being stolen without their knowledge,” she told Bernama.

Shafiza Mohd Shariff.

In spoofing scams, criminals who obtain a victim’s phone number can alter the caller ID to mimic a familiar contact number – complete with voice-cloning technology to imitate the purported caller’s actual voice – and use it for personal or corporate fraud.

Shafiza advises online users to remain vigilant at all times. “Do not click if the link is unusually long or contains many symbols such as slashes or dots, or if the domain address does not match the intended website. These are usually fake and will redirect victims to scammer sites,” she said.

Other precautionary steps include:

  • installing phishing-detection plugins on browsers;
  • checking links at sites such as phishtank.com or virustotal.com;
  • avoid clicking on links from unverified messages or emails;
  • search to verify legitimacy of messages;
  • check for website security features like the padlock icon and HTTPS;
  • install antivirus software on mobile devices;
  • use new passwords for each application and change passwords regularly;
  • regularly perform malware scans with antivirus software.
scammer
Online users are urged to remain vigilant at all times and avoid clicking on links without verification.

Meanwhile, Malaysia Cyber Consumer Association president Siraj Jalil warned that online threats are becoming increasingly sophisticated, with criminals leveraging artificial intelligence to combine multiple tactics in a single attack.

“Cybercriminals are now found to be using multi-modus-operandi models, including love scams, mobile phone fraud, sextortion, creation of child sexual abuse material, and commercialised pornography.

“There are cases targeting male teenagers through fake social-media accounts, especially on TikTok, luring them to send sexual images or videos before extorting ransom payments,” he said.

Such material is also known to have been sold on social-media platforms to paedophile groups, he added.

Siraj stressed that cybersecurity is a shared responsibility, and the space for such criminals will shrink if there is greater awareness among users and society at large.

“If users themselves can become agents of awareness and knowledge sharers, and take responsibility in helping those with lower digital literacy, we can build a society with strong digital-safety values,” he said.

Stay current - Follow FMT on WhatsApp, Google news and Telegram

Subscribe to our newsletter and get news delivered to your mailbox.