Monday, May 16, 2022

askST: How do you know if a QR code is safe to scan at eateries? 2022-05-16

https://www.straitstimes.com/singapore/consumer/askst-how-do-you-know-if-a-qr-code-is-safe-to-scan-at-eateries

Amanda Lee and Deon Loke
PUBLISHED 16 MAY 2022, 5:00 AM SGT

SINGAPORE - Quick Response (QR) code menus, which were initially adopted to reduce the transmission of Covid-19 between staff and patrons in the food and beverage sector, are here to stay in the longer term.

By scanning a QR code, patrons are directed to a website where they can view the menu, order food and/or make payments. While it helps eateries in their business operations, it also raises questions about security when consumers scan such codes.

The Straits Times speaks to experts about what diners can look out for when they scan QR codes at eateries and how they can protect themselves while using the technology.

Q: How do I use QR codes in an eatery?
A: At eateries, a printout of the QR code is usually placed on tables and patrons scan it with their digital device to get a link to the online menu and place their order. Payments can either be made digitally or physically at a cashier's counter.

Q: I scanned a QR code to view a menu, but there is no online payment involved. Am I putting myself at risk by scanning the code on my digital device?
A: Yes, you could be putting yourself at risk.

Mr David Ng, Singapore country manager of cyber-security firm Trend Micro, said one major concern that consumers should be wary of is phishing scams, or in this case, "quishing".

For example, scammers have been known to incorporate QR codes into their phishing attacks to steal banking credentials, he added.

"This is where the QR code links to a phishing site and the victim is teased into entering personal data for malicious actors to obtain," he noted.

Mr Ng also said another concern is malware.

In the past, there have been cases of QR code and barcode scanner apps being infested with malware, enabling malicious actors to gain full control of the device.

"This is extremely worrisome as the entire process can be done unsuspectingly," he added.

Q: I keyed my credit card information to pay for my meal on an unsecured website. What could happen to my information?
A: Your credit card information could be compromised without you knowing.

Mr Budiman Tsjin, solutions engineering manager of Asean at IT security firm CyberArk, said there is a risk that someone can intercept and get that information and use it for illegal purchases.

"Consumers must be more vigilant on how they make online payments," he added.

You should frequently review online transactions to quickly spot fraudulent ones and suspend your cards to reduce losses, he added.

Mr Don Tan, senior director for Asia-Pacific at cyber-security company Lookout, said most consumers do not even know that their personal information has been compromised. Thus, it is important to monitor your personal accounts consistently, he added.

Q: How can I protect myself against cyber threats while scanning QR codes?
A: You can take precautionary actions such as using the default camera app on your device to scan the codes. Mr Ng said doing so can prevent malware infestations.

Mr Tan said to avoid the risk of mobile malware or credential compromise via malicious QR code, you should never scan a code without first validating its source.

You should also protect your mobile device from phishing sites and malware by leveraging a free or paid mobile security solution that will detect and protect against malicious sites, spyware, adware and phishing attacks.

"They only allow safe sites by blocking phishing and malicious content," said Mr Tan.

Q: What should I look out for when I want to make payment online?
A: You should look out for the Uniform Resource Locator (URL) before clicking on it.

Mr Tan said phishing websites can be very hard to detect as they use a similar-looking URL to a trusted website by changing one character within the URL.

"Consumers should always check the URLs before clicking to be redirected. If this URL does not appear to be a trusted source or differs from the URL of the known company, exit the website immediately," he added.

Mr Ng said there are a few things that consumers can look out for to ensure that a digital menu or payment page is secure.

For example, you can pay attention to the URL of the website.

Mr Ng said if it begins with "https" instead of "http", it means the site is secured using a Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate, which encrypts all your data as it is passed from your browser to the website's server.
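The two URL checks described above (a host that differs from the trusted one by a single character, and "https" versus "http") can be applied to the text decoded from a QR code before it is opened. The following is an added example, not part of the original article; the trusted domain `example-eatery.test`, the function names and the sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "example-eatery.test"  # assumed: the domain the eatery publishes


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_scanned_url(url: str, trusted: str = TRUSTED_HOST) -> str:
    """Classify the text decoded from a QR code before it is opened."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "reject: not a web link"
    # Compare only the rightmost labels, so "order.<trusted>" still matches
    # and "<trusted>.other.test" does not.
    n = trusted.count(".") + 1
    tail = ".".join(host.split(".")[-n:])
    if tail == trusted:
        return "ok" if parts.scheme == "https" else "warn: trusted host, not https"
    if edit_distance(tail, trusted) <= 1:
        return "reject: lookalike of trusted host"
    return "reject: unknown host"


# Constructed sample QR payloads (not taken from the article).
SAMPLES = [
    "https://example-eatery.test/menu?table=12",
    "http://example-eatery.test/pay",
    "https://examp1e-eatery.test/pay",        # one character changed
    "https://example-eatery.test.evil.test/",  # trusted name used as a prefix
    "tel:+6500000000",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{check_scanned_url(s):35} {s}")
```
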

"These are digital certificates that are essential to securing Internet browser connections and transactions… They ensure data privacy and integrity as data moves across the network of multiple computers and endpoints," said Mr Ng.
