KUALA LUMPUR, June 15 — Online consumers that use e-wallets and other e-payment methods are strongly advised not to conduct any transactions over a public WiFi connection.
CyberSecurity Malaysia cryptography development head, Hazlin Abdul Rani said threats and attacks from hackers could immediately happen through an unsecured public WiFi where personal data and possibly all account information and login credentials could be accessed during the transaction process.
She also advised users to be cautious about the possibility of attackers impersonating the valid public WiFi network.
“For example, if you are at an airport, the name of the WiFi is ‘Airport ABC’, but the attacker creates a WiFi with the name ‘Airport ABC1’, or even changes the capital or small alphabet letters of the WiFi to make you believe that you are using a valid or legit WiFi. This confusion can also lead users to fall into their trap.
“Therefore, be vigilant and avoid using public WiFi. Instead, use a secured network connection with passwords,” she said in a virtual panel discussion organised by the World Islamic Economic Forum Foundation, titled “#iEMPOWER: e-Wallet – Embracing a Cashless Transformation”, today.
Hazlin further said users must also be wary of the social engineering attacks that target them through telephone calls, messages on mobile devices and emails with attached malicious software (malware).
“Due to lack of information, we may not be aware of the attack, especially when you receive telephone calls and answer questions about personal information without knowing these people are imposters that are pretending to be the authorities, bank representatives or the police, among others.
“Be careful not to give away any personal details as it will compromise all your login credentials and e-wallets. Make sure you set a password for your device and another different password for the app you use to further protect your data,” she said.
Hazlin also noted there are instances where users may grant permission for an app to access certain information in one’s data.
This could lead the hackers to access the user’s login credentials and e-wallet information, she cautioned.
“When accessing and downloading/uploading information in websites, and conducting any transactions from applications from an unknown source, you need to make sure that it is a legit application.
“Check for the correct URL address, spelling, including the small or capital letters and symbols used in the web address,” stressed Hazlin.
From the merchants’ perspective, she said the Point-of-Sale (POS) system and systems that require QR code scanning must be encrypted to secure any permission that is granted.
This is to ensure transactions, data and information in the system are secure and no one else has the access to the said data and information.
She also said that app developers should be able to provide protection to their customers who will be using and benefitting from their technology in the digital and e-commerce era.
Among the safety features is to include a two-way factor authentiication, where a user must provide biometric identification and a Personal Information Number (PIN) or password.