The National Information Technology Development Agency (NITDA) has issued a cautionary alert to Nigerians, advising them to exercise caution when scanning QR codes due to the surge in fraudulent activities orchestrated by scammers.
In its latest advisory seen on its official X account on Sunday, the agency highlighted the alarming trend of people exploiting QR codes for various fraudulent schemes, including phishing scams, payment fraud, data theft, and identity theft.
QR codes, commonly recognised as machine-readable codes composed of black and white squares, are typically utilised for storing URLs or other information accessible by smartphone cameras.
The advisory serves as a reminder for users to remain vigilant and implement necessary precautions before scanning QR codes to mitigate the risk of falling victim to cyber scams.
The advisory read in part, “QR codes, while fast and convenient for quick access to information and actions, have unfortunately become a tool exploited by scammers for fraudulent activities. These activities take various forms and are designed to lure unsuspecting users into scanning them.
“The implications of these codes on users vary depending on the approach taken by the Scammer Impact QR codes, which can be exploited by malicious actors to deceive unsuspecting users and perpetrate fraudulent activities.”
The NITDA revealed that fraudsters deploy multifaceted methods to perpetrate their illicit activities through QR codes.
“Phishing scammers can generate QR codes that point to malicious applications or phishing websites. Users scan these codes, thinking they are genuine, and end up having their information stolen.
“Scammers can create QR codes that start illicit transactions or reroute payments to their accounts rather than to the intended recipients.
“Threat actors may embed malicious payloads like malware or data-stealing scripts within QR codes. By exploiting security vulnerabilities in users’ devices, they can steal private documents, financial information, and passwords, among other sensitive data.
“Users’ personal information, including names, addresses, and contact details, can be collected using QR codes inserted in fake advertisements or online surveys. This information can then be exploited for identity theft or other targeted frauds,” the advisory added.