Phishing, vishing, and smishing are yesterday’s news in the ever-evolving world of cybercrime. Agencies are now grappling with a surge in “quishing,” a nefarious scheme that leverages fake or tampered QR codes to not only siphon money but also steal personal information and commit identity theft. QR codes are becoming increasingly prevalent, popping up on everything from restaurant menus to merchant storefronts.
This ubiquity has not gone unnoticed by crooks, who are devising new ways to exploit the technology and deceive unsuspecting users.
A Sharp Rise in UPI-Related Fraud on WhatsApp and Instagram
In 2023, complaints regarding UPI-related fraud skyrocketed to over 30,000, a significant jump from the roughly 15,000 cases reported in 2022. Sources indicate that nearly half of these scams involve QR codes, often distributed via WhatsApp or text messages. “The modus operandi is often straightforward,” explains a senior cyber-cell officer. “Scammers send a QR code to their target through WhatsApp or Instagram. The victim is then instructed to scan the code with their phone’s camera and enter an amount and their UPI PIN to receive payment or a cashback during transactions. As soon as the user enters their UPI PIN, the fraudsters gain access to their account and can transfer a hefty sum.”
Security agencies say that most of these scams involve QR codes sent over WhatsApp or Instagram.
Cyber cell officials urge caution when receiving unsolicited QR codes and recommend verifying their legitimacy before scanning. They also advise using preview features whenever possible before initiating a payment.
“Scanning a malicious code is like opening a backdoor to your device,” warn cyber security police officials. “A downloaded malware program can hijack your device, steal your data, and even monitor your activities.” It’s crucial to remember that QR codes and PINs are only required for sending money, not receiving it. “You don’t need to enter your PIN to accept payments on digital platforms,” emphasizes an official. “Many of these scams occur during online transactions involving used goods.”
Beyond Borders: Global QR Code Scams
Just a few months ago, 40 merchants in India were swindled out of lakhs of rupees by con artists posing as QR code and sound box installers. In foreign countries, one of the latest QR code scams targets drivers at pay-to-park bays. Fraudsters replace the original parking stickers with fake QR codes. When drivers scan them, they are directed to a portal that requests their credit card or bank account information.
Recovering Stolen Funds: An Uphill Battle
Recovering money siphoned through
can be an uphill battle, admits a DCP-rank officer heading a district cyber cell. “We attempt to block and freeze the stolen funds by following the money trail, but in many cases, the sum is routed through a web of wallets and accounts before being withdrawn from ATMs, often before an FIR is even filed.”