Fraudsters on the internet appear to have found a new way are tricking users and looting lumpsums from their bank accounts in a newly uncovered QR code scam. The scam involves the fraudsters sharing their QR codes to make payments and then luring the victims to send money.
A number of such cases seem to have come to the fore over the past few weeks in Gurugram and more recently, in Hyderabad. Hyderabad Police claims that most of the criminals hail from Mathura, Uttar Pradesh, and have been targeting shops listed on Google and Justdial situated in and around Hyderabad. The criminals in question would call the shop owners stating they wanted to buy or sell products in bulk.
Speaking to the Times of India, Cyberabad cyber crime ACP, Srinivas explained that the fraudsters first obtain the phone numbers used by the victims for UPI payment gateway and then generate the QR code in the application and send it to the shopkeeper through WhatsApp, asking them to scan the code and enter the PIN from their application.
The swindlers then send a payment request link instead of a payment receive link. While the victims are distracted and on call, they open the link and enter the PIN, losing money. The offender sometimes cheats the victims further by saying they haven’t received the money and go to the length of making gullible victims cough up the amount twice or even thrice by saying that the money would be re-credited if there were stuck at a gateway.
The problem at hand here seems to be due to a general misconception about how UPI works. Users of UPI through apps like PhonePe and Google Pay or even mobile banking apps need to know that they do not need to scan any QR code while making a payment.
The police seem to be quite pissed at those who claim to have been fooled. Here’s what Cyberabad Police’s advisory warning sounded like, “Don’t scan QR codes sent by unknown persons without verifying their veracity. People are requested to use e-wallets only after they are convinced they know about its functioning.”
As for the victims, since UPI transactions are linked to bank accounts, its shouldn’t be too difficult to for police to trace the perpetrators down.