While the amount of digital payments across India has grown, the scams surrounding Unified Payment Interface (UPI) have also seen a significant increase over the last couple of years. Making payments on the go is now making it easier for scammers to steal money and personal information from UPI users.
Quishing scams across India have seen a massive spike as fraudsters are now using QR code scanning and UPI to steal money, personal information and identity of the users, leaving next to no digital footprint behind.
What is quishing scam?
While phishing scams have been around in India for decades now, quishing is a new method being used by scammers to digitally siphon off money from citizens. Quishing involves scammers using fake QR codes to lure people to fraudulent websites to steal their bank account details.
The number of complaints related to UPI frauds has increased from 15,000 cases in 2022 to over 30,000 in 2023, reported Times of India. Out of this number, around half of these complaints are related to QR code scams.
However, quishing is not just exclusive to scanning QR codes for UPI payments. In fact, scanning any kind of QR codes that take you to a third-party website can put your money and personal data at risk.
How does quishing work and how to protect yourself
The scammer will generally ask the user to scan a QR code using their phone camera, which then redirects them to another website. This website can be a duplicate of a genuine e-commerce or bank website, asking for personal information or bank details of a person.
Apart from this, some QR codes ask the user for the UPI PIN for verification, which is then sent to the scammer who uses it to drain the bank account of the victim. Some QR codes also contain malicious files or mirroring software, which gives access to all the information in your phone to the scammer.
To avoid such scams, it is advised that one does not scan any QR codes sent to them by unfamiliar sources. Scanning QR codes on social media platforms should also be avoided as they can contain malicious files.
It is advised that one does not click on any unfamiliar links that appear after scanning a QR code. If the QR code includes a shortened URL, avoid clicking on it unless you trust the source.