ONLINE consumers who use e-wallets and other e-payment methods have been strongly advised not to conduct any transactions over a public Wi-Fi connection.
According to CyberSecurity Malaysia cryptography development head Hazlin Abdul Rani, threats and attacks from hackers could immediately happen through an unsecured public Wi-Fi where personal data, and possibly all account information and login credentials, could be accessed during the transaction process.
She also advised users to be cautious about the possibility of attackers impersonating the valid public Wi-Fi network.
“For example, if you are at an airport, the name of the Wi-Fi is ‘Airport ABC’, but the attacker creates a Wi-Fi with the name ‘Airport ABC1’, or even changes the capital or small alphabet letters of the Wi-Fi to make you believe that you are using a valid or legit Wi-Fi. This confusion can also lead users to fall into their trap,” she was reported as saying by Bernama.
Therefore it is crucial to be vigilant and avoid using public Wi-Fi; instead, use a secured network connection with passwords, she added.
Hazlin – who said this in a virtual panel discussion organised by the World Islamic Economic Forum Foundation titled “#iEMPOWER: e-Wallet – Embracing a Cashless Transformation” today – went on to say that users must also be wary of the social engineering attacks that target them through telephone calls, messages on mobile devices and emails with attached malicious software (malware).
“Due to lack of information, we may not be aware of the attack, especially when you receive telephone calls and answer questions about personal information without knowing these people are imposters that are pretending to be the authorities, bank representatives or the police, among others,” she elaborated.
“Be careful not to give away any personal details as it will compromise all your login credentials and e-wallets. Make sure you set a password for your device and another different password for the app you use to further protect your data.”
Hazlin went on to point out that there are instances where users may grant permission for an app to access certain information in one’s data.
This could lead the hackers to access the user’s login credentials and e-wallet information, she cautioned.
“When accessing and downloading/uploading information in websites, and conducting any transactions from applications from an unknown source, you need to make sure that it is a legit application,” she advised.
“Check for the correct URL address, spelling, including the small or capital letters and symbols used in the web address.”
From the merchants’ perspective, Hazlin explained that the point-of-sale (POS) system and systems that require QR code scanning must be encrypted to secure any permission that is granted.
This is to ensure transactions, data and information in the system are secure and no one else has the access to the said data and information, she added.
She also said that app developers should be able to provide protection to their customers who will be using and benefitting from their technology in the digital and e-commerce era.
Among the safety features is to include a two-way factor authentication, where a user must provide biometric identification and a Personal Information Number (PIN) or password. – June 15, 2022
