QR Code Payment Link Rental Fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: CRITICAL | View Full Scam Details

QR Code Payment Link Rental Fraud in India 2026: A Critical UPI and WhatsApp Scam to Watch

As India’s digital payments boom, a dangerous fraud called QR Code Payment Link Rental Fraud is putting UPI users at high risk of losing money through WhatsApp and phishing tactics.

What Is the QR Code Payment Link Rental Fraud?

QR Code Payment Link Rental Fraud is a rapidly growing scam in India where fraudsters exploit UPI payment systems by renting or borrowing legitimate QR code payment links from unsuspecting victims. These links are then misused to siphon off money from multiple victims or to launder stolen funds. Targeting small shopkeepers, freelance delivery agents, and even individual UPI users, the scam plays on people’s trust in digital payment QR codes that have become ubiquitous in 2020s India.

The scam is widespread across metros and tier-2 cities alike, where WhatsApp remains the main mode of communication. Victims report receiving messages or calls offering quick money by renting their payment QR codes. A few official warnings about QR-based frauds have been issued by RBI and CERT-In, but this specific rental scheme has surged sharply in 2024 and 2025, prompting the Ministry of Home Affairs’ Indian Cyber Crime Coordination Centre (I4C) to issue fresh alerts about phishing via WhatsApp with fake QR links.

How This Scam Works — Step by Step

1. Initial Contact via WhatsApp or Call: The fraudster, posing as a micro-entrepreneur or delivery partner, contacts the target on WhatsApp claiming they want to rent the target's UPI payment QR code or payment link for a short time to receive payments.

2. Promises of Easy Rental Income: They offer a daily or weekly rental fee (usually between ₹500-₹2000 depending on perceived network reach), convincing the victim to share their QR code link or payment URL via WhatsApp.

3. Link or QR Code Shared: The victim shares the QR code image or the UPI payment link generated from their payment app (Google Pay, PhonePe, Paytm, etc.).

4. Link Misuse by Scammer: The fraudster uses this link to request payments from multiple unsuspecting customers or sends fake purchase confirmations to fake buyers. They may also use the victim’s link for money laundering to hide the origin of illicit funds.

5. Victim Receives Fake Payment Alerts: Victims see multiple incoming transactions or notifications, some of which may be reversals or fake payment statuses generated with cloned UPI apps.

6. Fraudster Initiates Refund Requests: Once enough money is collected, the scammer may use phishing techniques or social engineering to compel the victim to refund payments they never received, or the victim’s bank account may suffer multiple unauthorized debits.

7. Victim's Account Drained or Blacklisted: In some cases, victims find their accounts temporarily blocked due to suspicious activity flagged by bank fraud detection systems. Others report unauthorized withdrawals linked to SIM swap frauds combined with this scam.

Real Warning Signs to Watch For

• You receive an unsolicited WhatsApp message or call asking to “rent” your UPI QR code link.
• The “renter” insists on receiving your QR code image or payment URL before any contract or proof of identity.
• Promises of high rental returns with no formal paperwork or verification.
• Multiple fake payment notifications or reversals appearing after you share your payment link.
• Calls or messages pressuring you to refund "extra" amounts or “mistaken” payments.
• Unexpected bank SMS alerts for UPI transactions you didn’t authorize.
• A sudden lock or hold on your bank account or payment app after sharing your QR code.

What Happens to Victims

Victims often face serious financial losses, sometimes running into tens of thousands of rupees. Many lose money through forced refunds or unauthorized transfers siphoned from their accounts using UPI or linked debit cards. In addition to money lost, victims suffer emotional stress and distrust towards digital payments, affecting their daily livelihood especially in India’s informal economy.

Because UPI transactions are near-instant and mostly irreversible once processed, victims rarely get their money back. The situation worsens when fraudsters exploit Aadhaar details or perform SIM swap frauds to bypass OTP and authentication. Fixing blocked bank accounts or compromised UPI IDs can be a long, frustrating process involving banks, telecom providers, and cybercrime authorities.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has issued warnings that fraudsters are increasingly targeting QR-based transactions and cautions users against sharing payment links publicly or over unsecured channels. CERT-In (the Indian Computer Emergency Response Team) regularly publishes alerts about phishing scams using WhatsApp and advises users to authenticate QR codes before transacting.

The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs recommends reporting suspicious UPI-based fraud attempts to the 1930 cybercrime helpline immediately. RBI’s customer grievance portal also encourages victims to report unauthorized UPI debits and helps monitor suspicious QR code transactions to protect users.

How to Protect Yourself

1. Never share your UPI payment QR code or payment link with unknown contacts.
2. Verify identity before trusting anyone who offers rental payments or asks for your payment QR code.
3. Use official payment apps to generate and scan QR codes securely; avoid sharing screenshots or links over WhatsApp.
4. In settings, enable transaction alerts and OTP notifications for all UPI transactions and monitor regularly.
5. Do not approve any refund requests without confirming the original transaction with your bank or on your UPI app.
6. Update your mobile device and payment apps regularly to benefit from fraud detection features.
7. Use multi-factor authentication and link your Aadhaar carefully, avoiding shared access to linked apps or SIM cards.

What to Do If You've Been Targeted

If you suspect your UPI QR code payment link is being misused:

• Immediately contact your bank’s customer care to block or disable the UPI ID or linked bank account from receiving payments temporarily.
• Report the scam to the 1930 cybercrime helpline and file a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in.
• Inform your mobile service provider if you notice suspicious SMS or SIM-related activity to prevent SIM swap attempts.
• Change your UPI PIN and logout of all devices linked to your UPI app.
• Keep records of all suspicious chats, transaction alerts, and refund requests for authorities.
• Consider filing a first information report (FIR) with your local cybercrime police station if large amounts are lost.

Frequently Asked Questions

Q: Can I lose money just by sharing my UPI QR code image?
A: Yes. Sharing your QR code publicly or with untrusted contacts can allow fraudsters to collect payments in your name or misuse it for scams, leading to unauthorized debits or refund scams.

Q: If I get suspicious refund requests after renting my QR code, what should I do?
A: Do not approve any refund or payment reversal without verifying the original transaction directly in your bank or UPI app. Contact your bank immediately and report any suspicious activity.

Q: How can I confirm if a payment QR code request is genuine?
A: Always verify the requester’s identity via official documents or business proof. Never share QR codes via WhatsApp chats or unverified links. Use payment apps’ inbuilt scanning functions instead of sending code images.

For any suspicious WhatsApp message or UPI payment link request, always verify the authenticity on BharatSecure.app. If you encounter fraud, report immediately to the 1930 cybercrime helpline to stop more victims.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.