in recent years, India has witnessed a significant increase in digital payment fraud. According to a recent report by the Reserve Bank of India (RBI), these frauds have surged more than fivefold, with scammers accessing a staggering total of Rs 14.57 billion. As digital payments become more prevalent, so do the methods employed by cybercriminals to exploit unsuspecting users. One particularly alarming trend is the rise of QR phishing UPI scams.
The Surge in QR Phishing UPI Scams
A new report by Check Point Software Technologies highlights a dramatic increase in QR phishing UPI scams, from 15,000 cases in 2022 to an alarming 30,000 cases in 2023. This sharp rise has been attributed to the widespread use of mobile phones for digital payments and a general lack of awareness regarding cybersecurity measures.
How QR Phishing Scams Work
Hackers are constantly innovating new methods to deploy tampered QR codes to access users’ money. These scammers use fake QR codes to lure people to fraudulent websites, where they steal bank account details and other sensitive information. The process typically involves:
- Scammers Generate Fake QR Codes: These codes are designed to look legitimate and are often placed in public areas or sent via email and messaging apps.
- Users Scan the QR Code: When scanned by a phone camera, the code redirects users to a fraudulent website.
- Phishing Website: The website mimics a genuine e-commerce or bank site and asks for personal details, including UPI PIN or OTP, to complete the transaction.
- Data Theft: Once the details are entered, the scammers gain access to the user’s bank account and siphon off money.
How to Protect Yourself from QR Phishing Scams
To safeguard yourself from such frauds, follow these essential steps:
- Verify QR Codes: Only scan QR codes that are verified or have a blue tick. Be cautious of codes in public places or from unknown sources.
- Avoid Unverified Links: Do not click on unfamiliar links that could lead to fraudulent banking websites. Always verify the URL before entering any personal information.
- Implement Safety Measures: Use AI-based software that can detect phishing websites and warn you before you proceed.
- Be Wary of Shortened URLs: Avoid clicking on shortened URL links or those embedded in emails, as they can redirect you to malicious sites.
- Educate Yourself: Stay informed about the latest phishing techniques and share this knowledge with friends and family to spread awareness.
Did you know?
Checkpoint Harmony – a powerful AI-based email tool – can prevent QR code phishing attacks. Instead of passing along QR codes sent in emails like traditional email security gateways, it can detect if an email attachment is a QR code, and if it is, follows through to the website link associated with it. If it finds a phishing link, it blocks the email from being delivered to the user’s inbox.
Smart, isn’t it? You can deploy Checkpoint Harmony for your organizational email, and experience superior safety right from Week 01!