.png)
CARELESS scanning of QR codes or clicking on unfamiliar links may now expose users to increasingly sophisticated cyberattacks, as criminals manipulate quick response (QR) codes and shortened URLs to steal sensitive information — a method known as ‘QR phishing’ or ‘quishing’.
This tactic involves redirecting users to fake websites or malicious applications that masquerade as legitimate platforms, with the aim of harvesting login credentials, bank details or credit card information.
Dr Shafiza Mohd Shariff, Deputy Dean of Academics and Technology at the Malaysian Institute of Information Technology, Universiti Kuala Lumpur, warned that even a single misguided click can lead to more advanced scams such as deepfake videos or voice phishing, often conducted using spoofing techniques.
“Scams via fake links and QR codes allow cybercriminals to steal victims’ personal data, including banking information,” she told *Bernama*. “They can also implant malicious code that grants them full access to the victim’s device.”
One common method involves imitating online banking platforms. “Many users fall for counterfeit banking sites that replicate the official design and domain. Believing it to be authentic, victims unknowingly submit their private information.”
Spoofing, she explained, adds another layer of deception. “With the victim’s phone number, attackers can alter caller ID to mimic a familiar contact. Combined with voice cloning, this creates convincing impersonations used in personal and corporate scams.”
Given the mounting risks, Dr Shafiza urged the public to remain vigilant. “Do not scan or click links without verification. Avoid links that are unusually long or filled with slashes and dots, especially if the domain does not match the legitimate site.”
She recommended using browser plugins to detect phishing attempts, and verifying suspicious links on platforms such as *phishtank.com* or *virustotal.com*. “Never click links from unverified texts or emails. Confirm the message’s legitimacy through online searches and always check for secure site features like the padlock icon and ‘HTTPS’ in the address bar.”
Where possible, users should install antivirus software on their smartphones, she added.
For those who have fallen victim to such scams, Dr Shafiza advised taking immediate steps: “Change your passwords for all affected apps and conduct a full malware scan, especially if you have antivirus software installed.”
As cybercriminals continue to adapt, public awareness and digital literacy remain the first line of defence. - August 14, 2025
