Experts: It’s easier for hackers to access your details
PETALING JAYA: It’s something almost everyone does – visit a restaurant or cafe and ask the staff for the public WiFi network password.
It saves money, as you do not need to pay for mobile data. But you could end up paying a far higher price.
Those using public WiFi connections, especially when making financial transactions, stand a higher chance of falling victim to online fraud, say cybersecurity experts.
“Some hackers can easily set up a fake wireless access point that imitates the real ones, and they can then hijack the transaction details.
“This is why it is not advisable to use public WiFi,” says cybersecurity specialist Fong Choong Fook.
“For example, a hacker can imitate a public access point like the public WiFi offered by a popular coffee chain store and direct users to their fake connection,” he said.
He said customers should use mobile data connections when performing financial transactions.
He also recommended installing a Virtual Private Network (VPN) application on devices to ensure a more secure network connection.
Bukit Aman Commercial Crime Investigation Department (CCID) acting director Datuk Rohaimi Md Isa had earlier advised the public to remain vigilant when making online purchases, which have become very popular.
Online purchase fraud has increased to 2,328 cases with RM19mil in losses this year, between Jan 1 and March 24.
This is a 36.9% increase on the 1,700 cases with RM13.66mil losses in 2023, according to the CCID.
Financial forensics expert Raymon Ram said the sharp increase in online fraud was a wake-up call for everyone.
He stressed that vigilance was the key when shopping online, browsing on public WiFi, or simply scanning a QR code.
“Verify before you trust. When in doubt, consult the Semak Mule portal, confirm seller legitimacy, or report suspicious activity,” he said.
One of the ways cybercriminals exploit unsecured public WiFi networks is “packet sniffing” with tools like Wireshark, which lets them analyse data packets on unsecured networks.
He said that if a user is sending an email or logging into an account on an HTTP (not HTTPS) site, their username and password may be fully visible to the cybercriminals.
“A criminal may even intercept your authentication token and impersonate you online – browsing your email, accessing your banking dashboard, or making purchases in your name.
“Phishing via WiFi login pages – where some rogue WiFi networks redirect you to fake login pages to capture your personal info – is also possible.
“Users believe they’re logging into a cafe network, but instead, they’re giving away their name, phone number and email,” he said.
Raymon, who also manages cybersecurity governance and data privacy frameworks, said the public should only use reputable platforms and buy from verified sellers on Shopee, Lazada, or official brand sites.
“Always avoid sending money via bank transfer to unknown individuals. You can verify the authenticity of the bank account numbers or phone numbers that have been reported in fraud cases using the Semak Mule portal,” he added.
Raymon warned of “too-good-to-be-true” deals.
If the price or promotion seems suspiciously cheap, it’s probably a scam.
He also reminded users to enable two-factor authentication (2FA), which adds a second verification step, significantly reducing the risk of account takeovers.
“Check the website URL carefully, as fake sites often use domains that mimic legitimate brands, such as lazada-store.net instead of lazada.com.my.
“Always confirm before clicking. Seek real-time verification and ask for a live product video or use platforms with verified seller status.
“Avoid sellers that create urgency when selling their products or send suspicious payment links,” he said.
The public can report fraud or seek immediate assistance by contacting the National Scam Response Centre (NSRC) at 997.

