QR codes are the easiest and secure way of making UPI payments without sharing your number but attackers have found a way to scam you.

Beware of UPI Payments: How to Avoid Falling Victim to a QR Code Scam

QR codes have made digital payments easier and more convenient. Some even claim that using a QR code as a payment method helps you pay without sharing the number or asking the other person for it. However, the popularity of Unified Payments Interface (UPI) in the country has caught the attention of attackers and they are now spoofing QR codes to trick you into paying to a wrong bank account or UPI ID.

In fact, a recent police report in Bengaluru claimed that more than 40 percent of cybercrime cases were related to the QR code scam. So what’s the problem with QR codes, how attackers can spoof them and how you should be careful while making UPI payments to anyone, here are more details.

According to a Palo Alto Networks report, QR codes are mostly similar, making it difficult to tell whether you’re scanning a real code or one shared by a scammer.

Another concern is that attackers will be able to replace a company’s genuine QR code and use their own code, which can become a hub for scams and stealing victims’ money. Scanner exchange fraud is on the rise, and the threat may increase in the future,” said Vicky Ray, principal investigator of Unit 42 at Palo Alto Networks.

When you scan a modified QR code, you’re likely to open a website that infects your device with malicious code or forces you to download a malicious app. “Such applications typically contain viruses, spyware, Trojans, or other types of malware that enable data theft, privacy violations, ransomware attacks, and in some cases even crypto mining,” as Palo Alto Networks points out in its message.

QR codes have been around for years, but UPI has made them ubiquitous, and with billions of rupees being transferred through UPI, it makes them an obvious target for fraudsters. But there is no need to worry about this type of attack as long as you control how and to whom you pay the money.

How to avoid falling for a QR code scam

Check if the QR code directs you to the correct website for payment. You can do this by using QR code scanning apps that are freely available in the app store. Make sure that the application does not open the URL directly and that opening malicious links is a two-step process. In addition to these steps, you should always download apps from trusted sources, even if Android allows you to download apps from a page. And finally, make sure your devices and apps are up-to-date to protect yourself from potential security issues.