In the past few years, online payments in India have grown by leaps and bounds, slowly becoming the primary payment method for many, as India strives to become a cashless economy. The combination of widespread smartphone usage as well as affordable and accessible internet in all parts of the country, has led to a resurgence in digital payments. However, on the flip side, scamsters have become more prominent and threatening. Equipped with several types of online scams, these fraudsters have affected many unsuspecting individuals.

A novel fraud that is being cunningly practiced by con men these days is the QR code scam. Scanning an innocent-looking code for a small payment can wipe out your savings if you are not cautious enough.

Let’s get to know a little more about it.

What is a QR code?


A QR (quick response) code is a two-dimensional barcode that facilitates easy payment. All one needs, to make a payment via QR codes, is a smartphone equipped with a camera and an app that can read the code.

QR codes were first created in the 1990s as a means to track product inventory. Since then, QR codes have come a long way and are now being employed in numerous places like restaurant menus, at the airport as well as in malls. One of the most widespread uses for these codes is in the contactless payment model. With the rise in usage of online payment apps, one is likely to find these QR codes at almost every corner in India these days.

COVID-19 and the re-emergence of QR codes

COVID-19 social distancing norms have further decreased the use of cash in the domestic economy. More and more people are now increasingly relying on digital payments. Payments through QR codes have, consequently, re-emerged as a popular payment method given how easy it is to transact using them without risking COVID-19 exposure. However, just because this method is a popular one does not necessarily mean that it is safe.

Let’s take a look at how scammers are targeting gullible people using QR codes.

Types of QR code scams

1. QR code scam at an online marketplace for used products:

There are many websites that have become immensely popular with many buyers and sellers that transact in used products. There are a few bad apples in these digital marketplaces who are biding their time, looking to scam vulnerable individuals on these websites.

The con starts when the conman starts a negotiation over the price of a product. Once a price for a certain product is decided, the conman tells the seller that he will send the money online and sends a malicious QR code (often via WhatsApp or other messaging apps). Once the QR code is scanned, the conman gets access to your bank account through an online payment app and the money is then swindled from the bank account.

2. Via fake reward messages:

Often people receive unsolicited messages which tell them that they have won a handsome reward of Rs. XYZ sum, along with a QR code. Gullibly, when these people scan these QR codes, instead of receiving money in their accounts, they end up losing it.

3. Fake QR codes in phishing email, text or social media:

People also receive fake QR codes in texts, on social media or phishing emails. When they scan the code, they are taken to a website with credible-looking pages. From here once personally identifiable information and other banking information is divulged, the scammer can wipe out the victim’s savings.

4. QR codes at public places:

Conmen are looking to defraud you not just in the online world but also in real-life situations. Beware of blindly relying on QR codes placed at public outlets like a petrol pump or your corner tea or pan kiosk. Criminals can paste their own QR codes over the original codes and consequently, they can have access to your account. The risk here, as in the other methods, is that there is no way of reading the information in the QR code before scanning it. These QR codes contain Trojan horses or malware which create a pathway for the cybercriminal to gain access to your financial information.

Do’s and Don’ts on scanning QR codes

1. Scan a QR code only when it is from a trusted source

It is best to scan only those codes which come from a source with which the user is familiar. Always treat a QR code as a payment link. Just as one would stay away from a fishy-looking payment link, stay away from scanning QR codes that come from strangers or suspicious pages and websites.

2. Install a QR code scanner

A QR code scanner checks and displays the link embedded in the QR code before following the link. Before you scan a QR code use a QR code scanner app, on the link. When you scan a QR code using the QR code scanner a pop-up should ideally come up. If it does not come up or in case a shortened link such as comes out, be cautious.

3. Get security software

Securing your devices should be a top priority. Reliable security software should be installed on all smart devices and should also be updated to identify the new security threats.

Reporting a QR code scam

In case, you suspect that any cybercriminal activity has taken place, immediately contact your bank and get them to change your online banking login credentials. You can also contact your local police and register a formal complaint with the cyber cell or you can register a complaint on the national cybercrime portal.