PETALING JAYA: The quick response (QR) code has been a popular payment method, including when transferring money to charity.
But beware, it can be easily misused by unscrupulous groups.
One restaurant owner, who allowed donation boxes on his counter, fell victim to such a scam last year.
Omar Johan, 53, said that when the charity organisation came to pick up the donation box, they were shocked to find that the original QR code had been covered by another sticker, with a different code.
All the donated money had gone into someone else’s individual account.
“I did not realise it until they pointed out that the sticker had been covered over. We then checked the CCTV footage and saw a person pasting the sticker on the donation box.”
A police report was lodged by the charity organisation.
“I felt guilty about not being more vigilant but the charity organisation did not hold any grudges.
“Owners have to regularly check and update existing QR codes on our premises,” he added.
On Thursday, Bukit Aman Commercial Crime Investigation Department (CCID) acting director Datuk Rohaimi Md Isa said online purchase fraud cases had soared by 36.9% from Jan 1 to March 24, compared with the same period last year. There were 2,328 cases recorded, resulting in losses exceeding RM19mil.
Public WiFi can also be abused by these thieves.
Josh Lim, who often uses QR code to pay, has been experiencing an increased number of unknown calls after transferring money using public WiFi.
The 45-year-old said he was paying for his meal at a cafe when the worker said his Internet connection was unstable indoors.
Josh then used the cafe’s WiFi to make payment.
“It seemed pretty harmless when I registered on the public WiFi but then I started receiving calls from unknown numbers, most of them scams calls.
“I wonder if hackers had gained access to my number,” he added.
T. Jeremiah, 28, is also wary of public WiFi and uses his personal Internet data when doing online banking transactions, and uses Internet roaming services when travelling overseas.
“I believe that public WiFi exposes your device to security risks as the provider might gain access to your credentials in some way,” he said.
For QR payments, Jeremiah said he will only scan codes from credible sources such as with Touch ‘n Go eWallet or DuitNow Transfers.
“I will also make sure the recipient’s name is stated on the app after scanning before I proceed to payments. I read on social media that criminals can stick their own QR codes at public QR payments.
“I am even more careful when scanning a QR code at event registrations, as sometimes the organisers use an open source/third party website to collect data. It could expose my device to any malware,” he said.
