Victims are trapped due to lack of QR code know-how, social engineering tactics of fraudsters
In the backdrop of the pandemic, online/digital payments have received a big boost. QR (Quick Response) codes have emerged as a convenient way to promote contactless payments but the lack of necessary knowledge on how to spot a fraudulent QR code is costing people dear.
According to reports available publicly, every fifth payment fraud today involves QR codes. Banks, e-commerce websites and digital security experts are warning people.
Here we discuss how the QR code scam happens, and what you should do to avoid getting cheated.
A code like no other
A QR code is a type of matrix barcode. It consists of black squares arranged in a square grid on a white background.
The code has information embedded in it. The patterns within QR codes represent binary codes that can be interpreted to reveal the code’s data.
QR codes are easily read by smartphones. All you need is a camera and an app to read the code. Many use the QR code route to pay for purchases at merchant outlets by simply scanning the QR code using an app.
QR codes are extremely easy to generate. But, what’s hidden in them is very difficult to identify.
So, a scamster can lie about the actual information behind the QR code and dupe people.
These days the popular way of deceiving people with QR codes involves targetting individuals who are trying sell or buy goods online. Examples are a person in Bengaluru ordering wine online and losing ₹1.6 lakh, a person uploading a classified to sell his mobile but ended up losing ₹80,000.
Assume you want to sell off an item online such as a sofa for ₹20,000. Days pass and no real leads come. You are disappointed and wonder if you need to lower the price. Suddenly, the phones rings and the scamster will pretend to be an interested buyer. They will aim to win the trust of the seller by agreeing to buy the item near the quoted rate ₹18,000.
Then, the cyber criminal will send ₹500-1000 to the seller, calling it a ‘test transaction’. Since the seller actually receives money in their bank account instantaneously, the trust factor rises mani-fold.
Pay attention because this is the moment when the fraud will happen. The fraudster will create a QR code with a high amount (the balance i.e. ₹17,000) and will share it with the seller through WhatsApp, email and other platforms. They will say scanning the QR code will result in the seller getting the balance amount instantly.
After sharing the QR code, the scamster will ask the seller to select “Scan QR code” option on the app and select QR code from phone photo gallery. After scanning the QR code from photo gallery, the seller is asked to ‘proceed’ with the payment.
After clicking on “Proceed”, the seller will enter UPI PIN. That’s when money will actually be deducted from their account.
Ways to avoid scam
The biggest problem with a QR code is that humans can’t read it. So, it’s critical to pay close attention while making payments or transactions using QR codes.
First and foremost, if you are receiving funds/payment you do not need to give any PIN/special number for any QR code transaction. If somebody is asking you to enter a PIN to receive funds, be very suspicious.
A QR code payment transaction involves some steps and it is important to notice the smallest details. Don’t proceed with a transaction if you suspect anything is out of place.
It is best to pay or receive money using QR codes only in secure and familiar environments. Don’t do a QR code transaction if you don’t fully trust the counter-party.
Many a times victims understand that money is being debited from their bank account when they do a QR code transaction.
However, due to social engineering tactics used by scamsters, they dupe victims by saying ‘it was a mistake’ and then try their luck with another similar transaction. A Delhi-based politician’s daughter in this way was duped of ₹34,000 in two simultaneous transactions.
One of the ways to identify a scamster will be the unusual hurry to complete the transaction. Before engaging in any payment transaction, verify the credentials of the counter-party.