Quann Malaysia (formerly known as e-Cop Malaysia) is putting out a warning that scammers have started using fake ‘quick response’ (QR) codes to steal data and money from users.
The black-and-white squares are seen on websites and advertisements, enabling users to quickly scan and get more information related to a business.
Quann’s warning comes at the back of an expected spike in the proliferation of QR Code usage as certain vendors (such as WeChatPay and Alipay) introduces eWallets (that involves using the mobile phone for QR code scanning) into Malaysia’s online payment ecosystem to drive retail consumerism.
Ivan Wen, General Manager of Quann Malaysia says: “There has been a rising number of cases where criminals have been sticking their own codes over a business’ original one to steal the scanner’s data or access the scanner’s smartphone to tap into their bank account.”
“The problem with QR codes is that it is impossible to visually differentiate an original code from a malicious code. It is important that merchants regularly check to ensure malicious codes are not pasted on their merchandise or posted on their websites,” he continues.
Wen also mentions that about RM55 million was stolen in China’s Guangdong province, where QR codes are widely used as a form of mobile payment. As a result, the People’s Bank of China has begun regulating QR code daily spending limits, as well as requiring all payment institutions to obtain a license before they can legally offer QR code payment facilities to their customers.
Although there is no visible way to differentiate between an authentic QR code and a phony one, there are some precautions you can take:
- Before scanning a QR code, observe the collateral for any signs of tampering such as a sticker placed on a printed menu or pamphlet
- Look out for pixelated images and logo as well as spelling mistakes to identify fake collaterals
- Use a secure QR code scanner that can flag malicious websites and show the actual URL before scanning the code
- Do not key in any personal information after scanning a QR code
- Be wary about scanning a code in public places, like transportation depots, bus stops or city centres even if it’s on a printed poster