PETALING JAYA: Do not click on advertisement links on social media sites, which offer various services, without first verifying that the companies advertising are bona fide, have business licences and are registered with the relevant authorities.
This is the latest advice from cybersecurity experts who reiterated their warnings to the public after noticing daily occurrences of scams in the country.
Universiti Sains Malaysia Assoc Prof Dr Selvakumar Manickam said that in a world in which people do almost everything online using their smartphones, it is not surprising that service providers leverage social media platforms to reach potential customers.
“Advertisers have the right to offer their services through apps, web portals or mobile links. But, it is best to only download such apps from Google Play or Apple App Store as they have security mechanisms that check for malicious apps.
“If the link provided by a maid agency, for instance, leads to some other site, then the public is advised to immediately come out of it and not allow any downloads.
“Then again, even if a link leads to a trusted portal, the user must still read reviews by other users, search the web to ensure it is legitimate, and during installation, check if the app asks for permission to access features only relevant to its purpose.
“For example, if an app for a calculator requests permission to access the phonebook, this should raise a red flag, and the user must immediately uninstal the app or face the risk of having his data stolen.”
He said if the user is not vigilant and does not take steps to check and verify an app’s authenticity before installing it, no matter how advanced anti-scam technology is, it will still fail.
“Understandably, all these checks are time-consuming and arduous, but the fact remains that it lowers one’s risk of getting scammed.”
Selvakumar said it is difficult to say whether advertisement links on social media platforms are genuine efforts by companies to provide their services to potential clients, or if they are blatant attempts by scammers to instal malicious apps on innocent users’ devices.
“If an app is indeed malicious, the cybercriminals will have a field day carrying out all kinds of malicious activities on the victim’s device. The implication can range from data privacy issues and information theft to the device being attacked, damaged or having bank accounts raided.
“Popular apps for games and productivity have been found to have some elements of malicious behaviour. So, we can assume that cybercriminals can leverage any form of service or product that is popular to trick or force users to instal malicious apps that pretend to be legitimate ones.”
Selvakumar advised the public not to download any links provided by companies on social media platforms if they do not lead back to Google Play or Apple App Store.
“Go to these two sites and search for the app, read the reviews and only then decide to instal it. If the app is not found on Google Play or Apple App Store, chances are they are not trustworthy. If possible, email or call the service providers or agencies to verify their existence, or look for alternatives.
“It is not worth the risk of blindly installing any app because a company or service provider demands that you do so to procure its services. If you do as requested, you run the risk of getting scammed.”
