Cybersecurity experts are raising alarms over a significant rise in fake QR code scams across India, which are being used to steal funds and compromise merchant accounts. The widespread adoption of digital payment methods, especially through the Unified Payments Interface (UPI), has made QR codes a common feature in various sectors such as retail and hospitality. However, this convenience is being exploited by attackers who are inserting counterfeit codes to mislead users into visiting fraudulent payment sites and phishing portals, thereby facilitating financial data theft and unauthorized transactions.
Malicious QR codes are disseminated through diverse channels. Fraudsters often place fake stickers over genuine payment codes in places like retail stores, parking areas, and gas stations. Additionally, these codes are spread via social media and messaging apps, camouflaged as promotions or urgent alerts. The phenomenon, known as "quishing," has seen a sharp increase, with a notable rise in phishing emails containing QR codes. Mobile users are particularly vulnerable due to the limited screen space that obscures URL previews, allowing attackers to mask malicious links more effectively.
Recent incidents underscore the growing sophistication of these scams. In one case, the Delhi Police uncovered a scheme where a scammer manipulated a shopkeeper's QR code, keeping the shop's name intact while altering the account details to divert funds. Merchants who unknowingly reuse compromised QR code images face significant risks, including being implicated in money laundering schemes. This situation disrupts business operations and threatens financial stability for both merchants and consumers dependent on digital payments.
In response, regulatory bodies are taking action to counteract these threats. Various Indian states have introduced dynamic QR codes that refresh frequently at high-risk sites like petrol stations. Meanwhile, the National Payments Corporation of India is piloting a "SafePay" verification feature to ensure the authenticity of merchant codes, with plans to expand this initiative significantly. Consumers are advised to inspect QR codes for signs of tampering and verify URLs before proceeding with any transactions. Financial experts caution against scanning QR codes for receiving funds, as legitimate transactions do not require this step. Reporting suspicious activity is crucial, and individuals are encouraged to use the National Cyber Helpline or the National Cyber Crime Reporting Portal to increase the chances of stopping fraudulent transactions in time.


