While Quick Response (QR) codes have been around for over 25 years, their use in everyday life has exploded since the start of the pandemic and UPI revolution in India. Quick Response(QR) code is a type of two-dimensional matrix barcode, invented in 1994 is capable of storing lots of data which can be read by camera or smartphone. Some stats on QR code growth and future prospects:-
- As per www.qrcode-tiger.com, Dynamic QR codes generated by users accumulated a total of 6,825,842 scans from global users, a whooping 433% increase over 2021 figures.
- Global spending through QR code payments will reach over $3 trillion by 2025, up by $2.4 trillion in 2022.
- 40% of the Indian population uses QR codes, with a total of 1,101,723 scans from users.
- Over 9 million merchants in India accept QR code payments. (Mobile Transaction)
- The UPI interface, an integrated payment system that allows users to make bank payments using QR codes, recorded 2.8 billion transactions worth INR 5 trillion in June 2021.
Anyone can create a QR code by using a number of free online tools. This makes QR codes easy for businesses to use — but it’s also easy for scammers to take advantage of them. lets look at some recent frauds using QR codes:
- Fraudsters trick devotees at Kedarnath-Badrinath Temple using fake QR codes and loot donations.
- A 50-year-old woman fell victim to the QR code fraud and lost Rs 41000 in a Pune restaurant.
- Fake Forms, QR Code For Fee: Scam Website Targets Territorial Army Jobs recruitment drive.
How is QR Code scam carried out :-
Fraudsters replace fake QR codes on printed pamphlets of prominent organisations or temples or restaurants or send fake QR code in emails, social media messages and physical mails in the form of survey, lottery, discount coupon, free membership etc. Once the victim scans the QR code, he gets looted in one of the below ways:
The QR code may contain a virus like keylogger which will send all the keystrokes entered or it may have a malware which sends all the contents stored in the smartphone to fraudster who may inturn use it loot or blackmail or create a social engineering fraud attack on the victim.
The QR code will direct the user to a website where they will scam you to share confidential information like your PAN or AADHAAR numbers or credit/debit card details or bank login details, which is then used to loot the victim.
Most common one is where fraudsters send you a QR code to receive UPI payments, instead it turns out to be UPI send payment link with fixed amount, and you are asked to enter OTP as authorization PIN to receive payment and thereby instead of receiving you end up sending money.
How you can protect yourself from QR Code fraud :-
- Never scan QR code for receiving money. SBI had issued a warning on the same.
- Never scan QR codes casually for fun or for discount vouchers or lottery gains, it is not worth the benefits.
- Use a bank account with minimum funds for UPI transactions and dont use your main account for UPI purposes.
- If you are suspicious of tampering of QR code, always verify before scanning or best ignore that.
- Install good antivirus software and keep updating it regularly.
- Say No to strangers who ask you to scan a QR code.
- Never enter your confidential details on forms or websites directed by QR code unless its from an authorised source.
If you have been scammed of QR Code fraud :-
Immediately call 1930 cyber helpline or file a complaint at cybercrime.gov.in. If you have shared Aadhaar with someone, lock your Aadhaar card at uidai.gov.in. Complain about the fake account or profile on the respective social media website and about the fake websites with its hosting service provider and ask them to block it. Call the concerned bank and lodge a complaint to freeze the funds. Change user ids and passwords/pins of exposed banking accounts. If you have a doubt of malware/virus attack after scanning the QR code, format or factory reset the device.
Legal Remedies available :-
One can register a criminal case in cyber police station under :
- section 419 (punishment for cheating by impersonation), 420 (cheating and dishonestly inducing delivery of property), 464 (make a false document or false electronic record) and 465(Punishment for forgery) of Indian Penal Code(IPC)
- section 43 (Penalty and compensation for damage to computer, computer system, etc), section 66 (punishment for computer related offences – a person committing data theft, transmitting virus into a system, destroying data, hacking, or denying access to the computer or network to an authorized person is imprisoned for a maximum of 3 years or a fine of 5 lakh rupees or both), section 66C(which prescribes penalties for identity theft and states that anyone who fraudulently or dishonestly uses a person’s identity information will be subject to imprisonment up to 3 years and a fine of up to 3 lakh rupees) and Section 66D (punishment for fraud by impersonation using computer resources) under of the Information Technology Act(IT) Act 2000.
Frequently Asked Questions :-
-
What are the various warnings issued on usage of QR codes?
State Bank of India (SBI) has asked its customers not to scan QR Code for receiving money. FBI has issued a warning that cybercriminals have tampered with QR codes to steal consumers’ login, financial information and money.
-
What all Information can QR codes steal from you?
QR codes can be used to steal Personal Information(name, address, phone number, government Ids etc) and Financial Information(bank details, credit/debit card details etc) from you.
-
What type of information can be stored in a QR code?
There 177 columns and 177 rows in a QR code. Generally the total amount of information is 3 Kb. A QR code can store text, executable code, URLs, phone numbers, email addresses, business cards, GPS coordinates or even entire files like PDFs or images.
If you find this useful, please like it and share, also if you have any questions or topics you want me to cover please add them in the comments section. Also you can share one page poster covering the entire content with your friends and relatives in other social media.