QR Code Scam: 7 Dangerous Tricks Targeting New Year Buyers

QR Code Scam: An Emerging Threat

QR code Scam is an emerging threat to the banking system throughout India, as hackers are replacing genuine QR codes in parking lots, restaurants and shops with duplicate QR codes.

If you are a victim of QR Code Fraud, it may only take ONE scan to remove all of your money. Currently, thousands of unsuspecting consumers are becoming victims of this crime without their knowledge. This comprehensive Guide contains 10 critical facts you must know if you want to stop being the next victim, and to ensure that you are never just one scan away from complete financial loss.

You will learn how to quickly identify counterfeit QR codes, case studies of actual occurrences in India, and detailed instructions on how to implement each step to keep your financial presence in the Digital Realm safe!

Consider the Following Scenario

Consider the following scenario: it is New Year’s Eve, you are at a busy market purchasing gifts, and you come across a “Mega New Year Sale” QR code offering an 80% discount! you scan the QR code and hope for a coupon; instead you hear vibrations from your phone and receive a text message stating “₹50,000 debited from your account”.

Last year, the holiday budgets of thousands of mall shoppers in Delhii and Mumbai were eliminated in mere moments due to the scanning of “Lucky Draw” QR Codes at shopping malls. This Guide will inform you on how to best recognize the traps so that your New Year’s celebration does not become an unfortunate financial nightmare!

A QR code scam is an example of a advance form of scam where the scammer is able to hide a malicious link within a square barcode in order to obtain funds or personal data from their victim. By defining the purpose of QR Codes as an extension of hyperlinks, it is now clear that QR Codes are more than just an extension to store URLs; they represent the ability to deceive someone who is not vigilant enough to verify the final page of their QR Code scan.

What makes this method of theft so dangerous is the fact that visual inspection alone will not allow the user to determine whether the QR Code is a valid or invalid QR Code. Therefore, it is critical for users to always verify the destination address for any action their mobile device may be requesting prior to accepting it.

To put it another way, you should always view a QR Code in a public space with as much caution as you would have for a man who asks you for your wallet, because if you scan a QR Code that directs you to the wrong page, you are allowing a thief to gain access to your financial information or digital property.

Trick Use of QR Codes to Create Fraudulent Orders in Restaurants:

Criminals place counterfeit QR codes next to food vendors on their menus or tables for patrons to scan for payment. Once they do, their funds are deposited into the fraudulent criminal’s wallet rather than the merchant’s.

Petrol Payment Fraud via QR Codes:

Criminals place counterfeit QR codes at petrol pumps near their registers, making customers think they are paying for petrol, when in reality they are transferring funds to the fraudulent criminal’s wallet.

Parking Meter Scam Using QR Codes:

Criminals place counterfeit QR codes on official-looking parking signage. When you use the QR code to pay for parking, the funds go to the criminal’s personal UPI ID instead of the city or municipal authority.

Fake Charity Donation Using QR Codes:

Criminals place counterfeit QR codes indicating “charity” on the exterior of buildings, such as temples and hospitals, using their guise to trick kind-hearted individuals into making donations to fraudulent accounts.

Shopping Mall Promotion Fraud Using QR Codes:

Criminals will place counterfeit QR codes on promotional banners that advertise discounts. When the QR codes are scanned, customers are directed to a fraudulent website where the customer’s bank information will be taken.

Courier Refund Fraud using QR Codes:

A criminal will pose as a CLS delivery agent and send you a QR code claiming to be a delivery refund. When you scan the QR code, your funds will be transferred to the criminal.

Scams on OLX:

The scam begins with the scammer saying they want to buy your item, and to pay for it they send you a QR code. After scanning this code, however, it takes the money out of your account.

QR Codes for Concerts / New Years Parties:

Scammers will send out QR codes for concerts or New Year’s parties. When scanned, the user will either have paid the scammer, or will download malware onto their phone.

Free Wi-Fi QR Code:

People put up posters with “Free Wi-Fi” that have fake QR codes on them. Scanning these codes will install malware onto your phone that will allow the scammer to steal your phone’s information.

ATM Scammers:

A person will approach someone near an ATM and offer assistance with accessing funds through the ATM. They will show the unsuspecting victim a QR code that will allow them to receive cashback through the ATM; in reality, scanning this code will allow the scammer direct access to the victim’s account balance.

Quishing: The Hidden QR Email Scam

Quishing is a scam where an email with a QR code looks like a greeting for New Year’s or a “Year-End Tax Update” from your bank. Knowing this will help you identify fake emails that would help them transfer you from your safe computer to your dangerous mobile phone.

Once you scan the QR code, you will end up on a fake site that appears like your bank’s login screen, which is a fake site run by a criminal. With this knowledge, you can start developing your skills to check the web address in the url bar of your browser before entering any passwords or usernames.

The reason why criminals do this is that mobile phones are a lot harder to secure than computers and the criminals are able to trick you into giving them your Gmail and Instagram logins more easily. The best way to protect yourself from this type of scam is to never scan a QR code that is sent to you in an unsolicited email, even if it looks like it’s from a friend.

Common QR Code Scam in Shops

The common QR code scam involves a person showing you on their phone a spurious “Payment Successful” receipt after scanning a code to buy something from your shop. By learning this habit, shopkeepers will be able to verify payments by checking their own SMS notifications or voicemail messages rather than depending upon the phone screen of an unfamiliar person.

New Year Shopping Season QR Code Discount Scam

During the New Year shopping season, con artists routinely promise “Extra Discounts” if you pay through the QR code they send you via WhatsApp. Take note: protect yourself from this type of scam by only using the QR codes that are visible at and/or authenticated at the store itself.

Screen Overlay Scam in Payment Applications

Some thieves employ “Screen Overlay” techniques in which a phony payment page is displayed on your device when you enter your PIN in your UPI application. The best defence in this case is to proceed with extreme caution – if the appearance of your payment application varies minimally from normal or requests the same PIN number on two occasions, immediately terminate the transaction.

QR Codes That Download Malware

There are websites available for free, and scammers use these websites to create QR codes that will, when scanned, automatically begin downloading files onto your phone. This means, once scanned, you may not even have to click “Yes” before your phone is infected with a virus.

Dynamic QR Codes Used by Hackers

To increase your chances of becoming infected, hackers will use “Dynamic QR Codes” to change where a Code may lead you. A Dynamic QR code may lead you to a safe place at 10 am but then lead to a scam link at 11 am when there are more people present. This shows you can still become infected if a Code looked fine for your friend but appears to lead to a different webpage for you.

Use of URL Shorteners for Masking Scam Links

Hackers may also use “URL Shorteners” (e.g. bit.ly) to mask a Scary-Site Link inside the QR Code. The solution is to use a Scanner that is able to tell you the Exact Name of the Webpage and requires your permission to open the Browser.

Impact of QR Code Scams on Users

QR code scams will have a major effect on a normal user who scans a code that contains a fraudulent payment request, as the scammer may hack into the user’s WhatsApp account and steal their bank account of their entire balance within minutes. Understanding this will help you understand that this risk is not simply a few rupees, but rather the risk of losing the privacy of your personal life, including all of your photos, conversations, etc.

Effect on Shop Owners and Payment Verification

Additionally, when a scammer replaces the QR Code on a shop owner’s QR code display with a different code, the shop owner loses his/her daily income and all of their customers will lose faith in their business. This knowledge will encourage owners to utilize “Sound Boxes” that verbally announce the payment transaction, thereby providing a precise means of confirming the legitimacy of the transaction.

Identity Theft and Digital Shyness

There is also a threat of “Identity Theft” associated with a scammer scanning a QR code that contains both the scan user’s phone number and location information in order to create a more realistic future scam targeted at that user. The ultimate solution for individuals is to adopt an attitude of “Digital Shyness” when using digital QR codes by not scanning everything that comes across their screens.

Scam QR Codes on Professional-Looking Flyers

Scam QR codes are most often scanned due to them being present on “professional-looking” flyers located at locations like bus stops or New Years Eve parties. This experience teaches you to build a “questioning habit” where you begin to ask yourself, is this QR code source reliable.

Free Public Wi-Fi QR Code Scams

People often scan QR codes for free public Wi-Fi while they’re at airports and shopping malls without checking in with the staff first. This experience has taught us to ask for the name of the Wi-Fi network and the password instead of just scanning some random code seen on a wall.

UPI PIN Entry Scams for Refunds or Gifts

People will type their UPI pin into their phones to either “receive a refund” or “receive a New Year gift” from someone they don’t know calling them. Understanding this error gives you the most valuable skill today in India: whenever you enter your UPI pin, you’re giving away your money.

Check for Fake QR Stickers

If you suspect that a QR code is a scam, feel the code with your finger while at a shop to see if it feels like a sticker that was put over the original metal plate. Performing this simple physical check can help you avoid sending money to a con artist’s bank account.

Verify the Name After Scanning

When you scan the code and receive a name that isn’t what you thought it was, this is another way to see that you’ve fallen into a trap. If you go to “Sharma’s Sweets” and the name on the screen is “Rajesh123”, do not continue. Scanning a fake payment trap is usually the first thing that people notice during the New Year rush.

Examine the Website URL Preview

Looking at the URL preview of the website will give you a good indication if the link is a scam or not. If it looks like a string of random letters and numbers or does not have “https” at the beginning, there is a high likelihood that you have just stumbled upon a malicious link. If you notice an error in the way the site is trying to sound like a well-known brand, shut the app down immediately.

Use Verified Scanners in Banking Apps

When you are ready to pay with your mobile device via a QR code, do not use the standard camera on your phone; instead, use the scanner in your banking application (Google Pay, PhonePe, etc.). The banking applications are equipped with “Verified Scanners” which provide an additional layer or layers of security to protect your financial information from fraudsters.

Always Double-Check Payment Details

Before tapping “Pay” on your mobile device, double-check the amount you are about to pay and the name of the person or business to whom you are making your payment. This simple five-second habit can eliminate 100% of your chances of either accidentally sending your money for New Year shopping to a scammer instead of a legitimate merchant.

Turn Off Auto-Open Links

If you have an Android or iPhone, turn off the feature “Auto-open links” in the camera settings; this will ensure that any time a link is being opened, you will always see the web address first. By taking advantage of this “Security Pause,” you have the opportunity to think clearly and determine whether a website is legitimate, thus preventing malicious websites from inflicting harm to your mobile phone.