Authorities and cybersecurity experts are warning users worldwide — including in India — about a new wave of QR code scams that can lead to serious financial loss. With QR codes now ubiquitous for payments, menus, tickets, and loyalty programs, cybercriminals are exploiting their trustworthiness to trick people into sharing sensitive data or authorizing fraudulent transactions.
Let’s break down what you need to know and how to protect yourself.
❗ What Is the Scam?
Cybercriminals are using malicious QR codes that, when scanned, can:
- Redirect you to fake banking or payment login pages
- Install malware or spyware on your device
- Initiate unauthorized UPI or digital wallet payments
- Steal your credentials or OTPs
Unlike clicking a suspicious link in a text message, QR codes are visual and often trusted implicitly — making them a powerful tool for fraud. Experts say this scam is spreading rapidly because it’s easy for attackers to paste fake QR codes over legitimate ones.
🔍 How the Scam Works
Here are common tactics scammers use:
📌 Overlaying Fake Codes
Fraudsters paste a new QR sticker over a legitimate QR code (e.g., on shop counters, taxi displays, restaurant bills), redirecting users to a fake payment page instead of the intended receiver.
🧑💻 Redirecting to Phishing Pages
Once scanned, the malicious QR code may lead you to a clone of a bank or UPI app login page, tricking you into entering credentials which are then captured by attackers.
📲 Triggering Unauthorized Payments
Some QR scams are designed to initiate a debit authorization directly, asking for a UPI PIN or one‑time password (OTP) that ultimately sends money to the scammer’s account.
👀 Real‑World Examples
Officials have reported multiple cases where people lost thousands of rupees after scanning fake codes placed at:
- Restaurant counters
- Street‑side vendors
- Taxi and auto rickshaw fare displays
- Public posters and flyers
In one recent incident, a resident of a major Indian city scanned a QR code on a bill, only to find several unauthorized transactions draining money from their bank account before they could block the payment.
🛡️ Safety Tips: How to Protect Yourself
Here’s what you should do before scanning any QR code:
🔎 Verify the source
Only scan codes from trusted sources — avoid random posters or stickers.
👁🗨 Check the URL before confirming
After scanning, look at the link carefully before allowing actions. If it looks unfamiliar or suspicious, don’t proceed.
📵 Use secure UPI and banking apps
Prefer scanning within official banking/UPI apps rather than generic camera apps.
💬 Avoid entering credentials on unknown pages
Never enter passwords, UPI PINs, or OTPs on login pages you don’t recognize.
🔄 Enable transaction alerts
Turn on SMS/push notifications for payments so you spot unauthorized activity instantly.
📞 Report suspicious codes
If you encounter a fake QR code (e.g., pasted over a legitimate one), inform the merchant or relevant authorities.
📊 Why This Matters
QR codes are widely used for cashless payments, loyalty programs, tickets, and contactless menus, especially in urban and semi‑urban India. Their convenience makes them popular — but that same trust enables scams when used deceptively. Recognizing malicious QR codes can save you from financial loss and personal data theft.
















