Scam through QR Code Scan

 The scam starts with someone putting an item on an online sale website. That’s when the
fraudsters pose as buyers and share the QR code to pay an advance or token amount. They
then create a QR code and share it with the intended victim through WhatsApp or email.

Perhaps, their widest use is in the contactless payment ecosystem – ‘Scan the QR code
below and pay’. A QR (Quick Response) code is a two-dimensional barcode that is easily
read by smartphones – all you need is a camera and an app to read the code. While over-the-
counter scanning poses less of a risk, scammers have found new, creative ways of deception.
One way of doing this is by sending people texts like – ‘Congrats on winning Rs 20,000’
along with the picture of a QR code. The message will urge you to scan the code, enter the
amount, followed by your UPI PIN to ‘receive’ the cash in your account. In this scam,
gullible people believe that this will credit money in their account, but this does just the
opposite. You don’t end up ‘receiving’ but actually ‘paying’ the fraudster the amount.
 Another tactic is by embedding fake QR codes into a phishing email, text, or via social
media. Upon scanning the bogus code, users are directed to websites with realistic-looking
landing pages, where the victim may be prompted to log in by entering PII (personally
identifiable information).

 Public QR codes (like at fuel stations or kiosks) also pose a problem as cybercriminals may
swap them by replacing their own QR codes over genuine ones to make money flow into
their account. The problem is, there is no way of reading the information contained inside
the code before exposing the device to the unsuspecting fraud. It’s critical to pay close
attention, even to small details while making payments or transactions using QR codes. It is
best to pay using these, only insecure and familiar environments. Remember that the risks of
scanning an unknown QR are like clicking on links in unknown messages – treat a QR code
like any other link – don’t follow it if you don’t fully trust the source. Once you scan the
QR, a pop-up to view its embedded URL must emerge. If there is no URL, or if it seems like
a shortened one (like bit.ly) – be cautious. It’s best to install a QR scanner that checks or
displays the URL before it follows the link.
 Immediately contact your bank and have them change your login credentials. You may also
consider contacting the police and registering a formal complaint with the cyber cell or even
an online complaint on the National Cybercrime Reporting Portal – cybercrime.gov.in.
 Although the QR codes themselves are a secure and convenient mechanism, we expect them
to be misused by cybercriminals in 2021 and beyond. Knowledge of QR code fraud may lag
significantly today, but vigilance on our part will ensure the difference between the QR code
being scanned and us being scammed.
Thankyou