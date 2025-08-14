KUALA LUMPUR: Careless scanning of Quick Response (QR) codes or clicking on suspicious links can expose users to personal data leaks, as cybercriminals increasingly use fake QR codes with shortened URLs to deceive victims.

This tactic, known as QR phishing or ‘quishing,’ directs users to fraudulent websites or malicious applications designed to steal sensitive information such as usernames, passwords, and credit card details, often by impersonating trusted entities.

Deputy Dean of Academics and Technology at the Malaysian Institute of Information Technology, Universiti Kuala Lumpur, Dr Shafiza Mohd Shariff, said even a single careless click could lure users into more sophisticated scams, including deepfake video fraud and voice phishing that employ spoofing techniques.

“Fraud through fake links and QR codes allows scammers to steal the victims’ personal data, including banking information. They could also install malicious software (malware) that can give them full control over a device.

“For example, many users are tricked by fake banking websites that use domain names and appearances that closely resemble the genuine ones. Victims believe the site is legitimate, but their personal information is being stolen without their knowledge,” she said when contacted by Bernama.

In spoofing-related scams, criminals who obtain a victim’s phone number can alter the caller ID to mimic a familiar contact, complete with voice cloning to imitate the real voice, and use it in personal or corporate fraud.

Therefore, Shafiza advised users to remain vigilant and avoid scanning or clicking on any received links without verification.

“Do not click if the link is unusually long or contains many symbols such as slashes or dots, and if the domain address does not match the intended website. These are usually fake and will redirect victims to scammer sites.

“Users can also install phishing detection plugins on browsers, and check links at phishtank.com or virustotal.com. They should also avoid clicking on links from unverified messages or emails, search to verify the legitimacy of messages, check for website security features like the padlock icon and HTTPS, and install antivirus software on mobile devices if possible,” she said.

She also urged victims of online scams to use new passwords for each application and perform malware scans if antivirus software is available.

Meanwhile, Malaysia Cyber Consumer Association (MCCA) president Siraj Jalil warned that cyber threats are becoming increasingly sophisticated, with criminals leveraging artificial intelligence (AI) to combine multiple tactics in a single attack.

“Cybercriminals are now found to be using multi-modus operandi models, including love scams, mobile phone fraud, sextortion, creation of child sexual abuse material, and commercialised pornography.

“There are cases targeting male teenagers through fake social media accounts, especially on TikTok, luring them to send sexual images or videos before extorting ransom payments,” he said, adding that such material is also sold on social media platforms to paedophile groups.

Siraj stressed that cybersecurity is a shared responsibility, and the space for criminals to trap victims will shrink if society and users are more aware.

“If users themselves can become awareness agents, knowledge sharers, and take responsibility in helping those with lower digital literacy, we can build a society with strong digital safety values,” he added.

The Safe Internet Campaign, launched on Jan 21, focuses on four areas: cyberbullying, online scams and gambling, child sexual exploitation, as well as data protection and digital literacy, aiming to reach out to more than 10,000 educational institutions by year-end. - Bernama