The country is rapidly moving towards a cashless economy as digital transactions have made life easier by eliminating the need of travelling to pay cash or log on to the internet NEFT or RTGS transactions are completed via a short-term payment called the Unified Payment Interface (UPI), offered by the National Payment Corporation of India (NPCI).
UPI (Unified Payments Interface) has become one of the most popular payment gateways. Simply scan a QR code and enter a four-digit PIN to authorise a financial transaction, and the entire transaction is completed in seconds. Many payment applications which use QR codes are Google Pay, Paytm, PhonePe, BHIM, Mobi Kwik, Payz, and Razorpay etc.
A Quick Response (QR) code is a scannable barcode encoded with data. Fraudsters take this convenience as an opportunity and create their own QR codes to steal personal information and receive money from gullible victims in a fraudulent manner.
When on-line, someone posts an item to sell, these scammers pose as buyers and generate a QR code, which will be sent on WhatsApp or on other social media. They then instruct the victim to scan a QR code to receive money, but in reality, money gets debited from the victim’s bank accounts. Victims actually scan QR codes sent by fraudsters, believing that money would be credited into their accounts.
Shopping QR code scan fraud and its modus operandi:
Many crimes are committed through phishing calls, SMS/emails, or social media. Scammers have now changed their modus operandi to QR code scanning fraud, and let’s discuss how the QR code fraud happens. Victims lose the money as soon as they scan the code, unaware of the fact that scanning the QR code loses money.
- Step 1: On the online marketplace and classified advertising portals, most of us advertise the buying or selling of a second-hand car, a bike, etc. As soon as he sees the advertisement, he poses as a prospective buyer, negotiates the price and seeks all the information as required, and also inquiries about your bank account and its related details.
- Step 2: The scammer calls you and says he is unable to pay the bank, citing technical details, and engages you in a hurried phone conversation before sending the QR code and requesting that you scan it.
- Step 3: Scammers keep talking to you and divert your attention so that you do not think of anything else other than receiving the money. As per the instructions of the prospective buyer (fraudster), the victim scans the QR code, assuming that QR scanning will get you money. The victim believes that money will be credited to their account, but money is debited from the victim’s account instead of a credit.
Few other QR code scan frauds:
- One method is to send text messages such as “Congratulations on winning Rs 5,00,000, along with a picture of a QR code.” The message will lure the victim into scanning the code and entering the amount, followed by a UPI PIN to receive the cash into the account.
- Another method includes using false QR codes in phishing emails, texts, or social media posts. After scanning the QR code, users are assured of refunds or offers, where the victim may be invited to scan the QR code to receive funds
- A fake QR code might take you to a website that might install malware onto your smartphone or laptop or try to trick them into entering credit or debit card information or steal other sensitive personal data.
- The buyer from online marketplace and classified advertising portals demands you to send the item before they pay for it or provides fake payment proofs.
How to Safeguard Yourself from QR Code Scams:
Remember that QR codes are generally used for paying money, not receiving it. If someone asks you to scan a code to receive money, this is most likely a scam.
- If you receive an SMS requesting you to send money, Do Not proceed
- If buyer insists you to fill PIN no, stop interacting with the buyer
- Do not EVER enter your PIN
- Put a little extra effort to report a seller or Ad whom you sense is a fraudster
- Never try to search for customer care numbers that are shown on Google, reach the emails and telephone numbers mentioned in the respective Portals and Applications.
- As UPI payments can link multiple bank accounts, try to use limited personal bank accounts to avoid being victim, using salaries accounts is not suggested.
What to do if a QR Code fraud happens:
- Ensure you take all screen shorts of fraudulent transaction and report in the respective e-commerce portals or apps.
- Register a complaint on https://cybercrime.gov.in/ or else reach out to nearby police stations to lodge a complaint. Alternatively victims can call Helpline No. 1930, which is manned and operated by the respective State Police officers.