Quann Malaysia, formerly known as e-Cop Malaysia, said the black-and-white squares were often seen in websites, restaurants, advertisements and retail outlets, and gave users a quick way to unlock or retrieve information related to a business.
“There’s a rising number of cases where criminals have been sticking their own codes over a business’ original one to steal the scanner’s data or access the scanner’s smartphone to tap into their bank account,” general manager Ivan Wen said in a statement.
Quann Malaysia said the problem with QR codes was that it was impossible to visually differentiate an original code from a malicious one.
It said it was important for merchants to conduct regular checks to ensure that malicious codes are not pasted on their merchandise or posted on their websites.
“Although there is no visible way to differentiate between an authentic QR code and a phoney one, there are some precautions you can take,” it added.
It advised users to observe the collateral for any signs of tampering such as a sticker placed on a printed menu or pamphlet before scanning a QR code.
“Look out for pixelated images and logos, as well as spelling mistakes to identify fake collaterals.”
It also advised the use of a secure QR code scanner that can flag malicious websites and show the actual URL before scanning the code.
“Don’t key in any personal information after scanning a QR code,” it added.
“Be wary about scanning a code in public places, like transportation depots, bus stops or city centres, even if it’s on a printed poster.”