KUALA LUMPUR: Online consumers using e-wallets and other electronic payment methods are strongly discouraged from conducting transactions over a public Wi-Fi connection.
Hazlin Abdul Rani, Head of Crypto Development at CyberSecurity Malaysia, said that threats and hacker attacks could occur immediately through unsecured public WiFi where personal data and possibly all account information and password information login could be accessed during the transaction process.
She also advised users to be cautious about the possibility of attackers impersonating the valid public WiFi network.
“For example, if you are in an airport, the name of the WiFi is ‘Airport ABC’, but the attacker creates a WiFi with the name ‘Airport ABC1’, or even changes the capitals or small letters of the alphabet of the WiFi to make you think you are using valid or legitimate WiFi.This confusion can also lead users to fall into their trap.
“Therefore, be vigilant and avoid using public WiFi. Use a secure network connection with passwords instead,” she said during a virtual panel discussion hosted by the World Islamic Economic Forum Foundation, titled “#iEMPOWER: e-Wallet – Embracing a Cashless Transformation.” , today.
Hazlin further said users should also be wary of social engineering attacks that target them through phone calls, messages on mobile devices, and emails that contain malware.
“Due to lack of information, we may not be aware of the attack, especially when you receive phone calls and answer questions about personal information without knowing that these people are imposters posing for authorities, bank representatives or the police, among others.
“Be careful not to divulge any personal details as this will compromise all your login credentials and e-wallets. Make sure to set one password for your device and another different password for the app you are using to further protect your data,” she said.
Hazlin also noted that there are instances where users can allow an app to access certain information in their data.
This could lead to hackers gaining access to user login credentials and e-wallet information, she warned.
“When accessing information on websites and downloading/uploading it, and making transactions from applications from an unknown source, you must ensure that it is a legitimate application.
“Check the correct URL address, spelling, including lowercase or uppercase letters and symbols used in the web address,” Hazlin pointed out.
From a merchant perspective, she said the point-of-sale (POS) system and systems that require QR code scanning must be encrypted to secure any authorization granted.
This is to ensure that system transactions, data and information are secure and that no one else has access to said data and information.
She also said app developers should be able to provide protection to their customers who will use and benefit from their technology in the digital age and e-commerce.
Security features should include two-way authentication, where a user must provide biometric identification and a personal information number (PIN) or password. — Bernama