How to counter new cyber threats lurking in QR codes

Navigating cyberspace with all the lurking dangers and pitfalls can be risky business in today’s digital age. Late last month the Department of Technology and Crime Prevention alerted the public about the emerging threats of quishing and phishing using QR codes.

With the rise of digital payments in Cambodia, cyber-attacks are gaining increasing importance as corporations and individuals alike fall prey to elaborate scams. I-T professionals delved into the domains of these new dangers of cyberspace.

Quishing and phishing refer to specific types of cyber threats, often falling under the broader category of scam operations or cyber-attacks, said Mak Samyuthea, Collaboration and Partnership Manager of Enterprises Go Digital. Phishing involves using deceptive emails, messages, or websites to trick individuals into revealing sensitive information such as passwords or financial details.

Quishing, on the other hand, is a form of phishing that specifically utilizes phone calls or voice communications to carry out similar deception.

QR Code payment systems need strong implementation of cyber security measures, felt Dinesh Elango, Associate Professor, American University of Phnom Penh. That includes educating and creating awareness among the users about potential threats, encryptions and frequent security audits. It also calls for collaboration with cyber security experts from financial institutions, regulatory bodies and educational institutions and makes good strategies accordingly.

To safeguard the financial sector from these attacks, Mak recommended a multifaceted approach. “Financial institutions must prioritize robust cyber security measures, including advanced encryption technologies and biometric authentication, to fortify their digital infrastructure,” he added.

Fostering widespread awareness about phishing threats and promoting secure online practices through educational campaigns are necessary to mitigate the human element in these attacks. He went on to recommend collaborative efforts between regulatory bodies, financial institutions, and technology providers as being crucial for developing and enforcing standardized security protocols for QR-code transactions.

Assessing Cambodia’s banking sector’s readiness to counter these attacks involves examining the effectiveness of implemented security measures, incident response capabilities, and ongoing investments in cyber security technologies. Elango advised a comprehensive evaluation conducted by local cyber security experts.

“It is crucial to verify the authenticity of any communication,” said Mak, “especially emails or messages requesting personal information or financial details.” He recommended making direct contact with the institution using official contact details. Strong and unique passwords for different accounts and two-factor authentication add an additional layer of security. By regular updates of softwares and antivirus programs you can stay safe from vulnerabilities. Avoid clicking on suspicious links, and instead, manually enter website addresses.

Educating oneself on common phishing tactics and staying informed about the latest scams contributes to enhanced vigilance, he said. Monitoring bank statements and reporting any unauthorized transactions promptly ensures swift action against potential fraud. Continuous monitoring, prompt detection of suspicious activities, and swift response mechanisms are pivotal in ensuring the resilience of the financial sector against evolving cyber threats in the era of QR-code payments.

QR Code payment systems need strong implementation of cyber security measures, continued Elango. Among these measures are educating and creating awareness among users about potential threats, encryptions and conducting security audits frequently. Also necessary is collaboration with cyber security experts from financial institutions, regulatory bodies and educational institutions and formulating good strategies accordingly.