written by | February 25, 2022

QR Code Scams are Rising: See ways to safeguard yourself from it

Technology in India is developing at a faster rate every day. But the possibility of frauds and scams is also rising with the advent of technology. Cybercriminals find a new way to fraud the customers as soon as a new technological invention comes out. When the users don’t have much knowledge about a particular field, it becomes easier for the fraudsters to manipulate them. This is the reason why QR code frauds are the most common and simpler to commit. Cybercriminals try to trick customers through fake QR codes. Users scan the fake QR code without knowing about it and give access to their sensitive information to cybercriminals. Therefore it is extremely important to spread awareness about the scams taking place through scanning fake QR codes so that people can save themselves from QR Code frauds.

Did You Know? Every day, about 15-20% of the total scams are done through scanning fake QR codes.

What is a QR code?

The abbreviation of QR code stands for Quick Response. It was first invented in Japan in the 1990s. QR code is a small 2D square with black and white pixels that carries around 4000 characters. It is a simple and easy way to make digital payments. It is also easy to share. Apart from payments, QR codes are used to save any media file, images, PDF in a specific location, but it is commonly used for saving a web address to make payment.

You can include a lot of information along with the URL in a single QR code. Scanning a QR code will direct you to another website where you can make the necessary payment using your credit/debit card.

 In recent days, especially during and after the pandemic, the usage of QR codes has been increasing due to a surge in digitalization. Now, QR codes can be seen everywhere starting from restaurants and small shops to advertised products and so on.

Also read: How to Get UPI QR Code for your Flourishing Business?

How does a QR Code Fraud Work?

The main motive behind the QR code scam is to steal the sensitive data of the users or to steal their money. Cybercriminals have various ways to commit QR code frauds. The most common method of QR code scam is phishing. In this technique, the criminal acts as a reputable person. It usually happens through phone calls, emails, or social media messages. Criminals may send you the QR code to scan it. On scanning this QR code, the user lands on a page that asks for sensitive information. This information is immediately sent to the criminal when the user fills the form and submits the same.

Another most common way of QR code fraud is face to face QR scam. In this method, the criminal may approach you in person with a story on why they need you to scan the QR code. But by scanning it, the user gives access to their bank account details and falls into the trap. Among all QR code scams, the fake QR code scam is the cruelest one. In this method, The criminals place the fake QR codes at the locations where online payments are made, such as gas stations and shopping malls. Sometimes, they even cover the legitimate QR code to fool people. This is the most difficult fraud to find out, because fake QR codes are placed at the places where people expect legitimate codes.

How to avoid falling into the trap of QR Code Scams?

  • Always be careful while scanning QR codes: Whenever you are trying to scan a QR code that is placed in a public location, check its QR look and confirm whether it is a sticker or a display. If you suspect that the QR code doesn't fit with the background, then you must ask for its copy or scan the URL code manually in your device. This will help you to identify the fake QR code.  When you land on any website after you scan the QR code, just make sure that it looks like the website that you expected it to be. If it asks you for any login details or bank account details that are not needed, then stop giving such information and get out of the website immediately.
  • 2QR codes that are sent in e-mails are mostly from Scamsters: QR code experts suggest that whenever you receive an e-mail asking you to scan a QR code or scan URL code, then you must skip it entirely. They are never from a legitimate source. They are sent intentionally to fool you.
  • Check the URL code: Many smartphones have the feature of showing you the preview of your scanned URL code. If you suspect that URL, then you must stop there. You can also take the help of a secured scanner app that can help you to detect fake QR codes before your phone actually opens it.
  • Use the Password Manager: Even if you scan a fake QR code that takes you to any convincing website, having a password manager will help you not to autofill your passwords. This can save you from losing your sensitive data or money from your bank account.

Also read: Virtual Payment Address (VPA)– A new mode of payment

  • Contact the company directly: Whenever you receive any suspicious message from a company or a bank, then always try to contact that company directly to check whether the message was sent by them.
  • Be aware of the fraudulent methods: Always remember that the scanning of a QR code is meant for paying the money, not for receiving it. If anyone asks you to scan the code and get paid for it, then deny scanning that QR code, else you will grant access to your bank account details.
  • Install Antivirus Software: Install a quality antivirus software in your device and it will help you to spot fake QR codes
  • Avoid scanning QR codes to transfer bitcoin: QR codes are also used to transfer the crypto currency from your broker to your wallet. You must avoid sending crypto currency tokens through such URL QR codes if you doubt its legitimacy.

Scams through WhatsApp QR Code

Like all other online applications, WhatsApp keeps the data of its users encrypted and private. It is a safe platform. It offers critical features such as single login at a time and two-factor authentication. But, since it is an online platform, risks of cyber attacks are also attached to it. Whatsapp offers the feature of Web WhatsApp which allows the user to log in to their account on a PC.

It helps the user to take the help of a keyboard rather than typing on a small screen. On choosing the WhatsApp Web option on your phone, the users are directed to scan a QR code from the device they want to log in. If you scan the QR code from your phone, your WhatsApp account will open on the other device too. Scanning your WhatsApp QR code will grant access to your entire WhatsApp account to the other person. Hackers can scan your Whatsapp QR code to get into your conversations and to steal your sensitive information such as bank account details and other private information to blackmail you. You must review your WhatsApp activity and your information added to the application in order to ensure that no other person is using your WhatsApp account. If you see any other suspicious device from which your Whatsapp Account is logged in, then immediately deny access to that device.

Also read: All About UPI– United Payments Interface


Cybercriminals are very clever when it comes to committing fraudulent activities. Although the QR codes are a safe and secure mechanism for online payment or online verification, still they can be misused by hackers. It is very important to review your online activity and the platform you are trusting for scanning the QR codes. You must always check the QR code before scanning it by copying its URL scan code. If the URL takes you to a suspicious page, you must stop and report it to help the other users who might fall into the trap of hackers. You must be aware of the working of QR codes and must spread its awareness to other people also.

If you are a merchant and you want to provide a safer digital option for your customers to pay you, then you can opt for the Khatabook QR code delivery at home.

If you are noticing any QR code fraud that is taking place, kindly report the case to either your card issuing bank or reach out to the nearest Cybercrime branch. Send an email to cybercell@khatabook.com to report the case.

Important: Never share OTPs, PIN numbers or any other codes that you receive via SMS or other channels. Never share your Account Number or Credit and Debit Card details on a public platform.

Follow Khatabook for the latest updates, news blogs, and articles related to micro, small and medium businesses (MSMEs), business tips, income tax, GST, salary, and accounting.


Q: Is it safe to make payments through QR codes?


Making payments by scanning QR codes is a safe and secure method only if you scan the legitimate ones. Whenever you are trying to make payment through a QR code, you must verify the recipient's name, contact number, and other details before scanning it.

Q: Will my PC get viruses if I scan a fake QR code?


Yes, when you scan unwanted QR codes sent to you, it may automatically download harmful files to your computer. These auto-downloads can infect your device through viruses and can steal your sensitive data.

Q: Can someone debit my bank account through QR code scams?


Yes, many times, cybercriminals steal your money from your bank accounts through a QR code scam. These criminals might contact you for fake investment opportunity or for bitcoin and ask you to scan the fake QR code. It will inevitably debit all of your money from your bank account.

Q: What is a QR scam?


QR scam is a  type of fraudulent activity making a person scan the malicious QR code and steal their sensitive data or money. Scanning the wrong QR code may take you to a suspicious website asking for personal information that may land you in trouble.

Disclaimer :
The information, product and services provided on this website are provided on an “as is” and “as available” basis without any warranty or representation, express or implied. Khatabook Blogs are meant purely for educational discussion of financial products and services. Khatabook does not make a guarantee that the service will meet your requirements, or that it will be uninterrupted, timely and secure, and that errors, if any, will be corrected. The material and information contained herein is for general information purposes only. Consult a professional before relying on the information to make any legal, financial or business decisions. Use this information strictly at your own risk. Khatabook will not be liable for any false, inaccurate or incomplete information present on the website. Although every effort is made to ensure that the information contained in this website is updated, relevant and accurate, Khatabook makes no guarantees about the completeness, reliability, accuracy, suitability or availability with respect to the website or the information, product, services or related graphics contained on the website for any purpose. Khatabook will not be liable for the website being temporarily unavailable, due to any technical issues or otherwise, beyond its control and for any loss or damage suffered as a result of the use of or access to, or inability to use or access to this website whatsoever.