What to do if I shared my OTP in a UPI scam?

Immediately contact your bank using the helpline number—SBI at 1800-11-1109 or HDFC at 1800-202-6161—and request to block your account. Also, report the incident to the cybercrime helpline at 1930.

How to identify a Customer Care QR Code Phishing Scam?

Look for red flags such as requests to scan QR codes for refunds, communication from unverified numbers, or urgent tones demanding immediate action. Legitimate companies won't ask you to scan a QR code for account issues.

How to report this type of scam in India?

You can report the scam to the cybercrime helpline at 1930, file a complaint on cybercrime.gov.in, and also notify your bank about the fraudulent activity.

How to recover money or protect accounts after this scam?

Immediately contact your bank to report the fraudulent transaction and request recovery. Change associated passwords and enable enhanced security features like 2FA. Monitoring your account and reporting any unusual activity is crucial.

Customer Care QR Code Phishing Scam

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, WhatsApp, Phishing

How Customer Care QR Code Phishing Scam Works

Overview: In this scam, fraudsters pretend to be customer service representatives from popular Indian brands or payment platforms. They convince customers to scan a QR code to 'verify' accounts, get refunds, or solve account issues. This manipulation can drain money from your UPI wallet or bank account by using the code to trigger a collect request. The scam typically targets urban UPI users—anyone from tech-savvy professionals to everyday shoppers. How It Works: After finding possible victims from social media complaints and online profiles, scammers contact users via phone calls, WhatsApp, or SMS, claiming they've noticed a problem with their account or payment. They instruct the user to scan a QR code sent to their phone, which will 'help process the refund or verification.' In reality, scanning the code enables a UPI collect request or opens a phishing link where the user enters sensitive information. India Angle: Popular targets include regular users of UPI platforms (Paytm, PhonePe, Google Pay) and e-commerce shoppers who reach out for customer support. This scam has become common in metros and tier-1 cities, with fake agents often using Hindi or English. It often begins with a search for customer complaint posts on platforms like Twitter or Facebook. Real Examples: A Mumbai professional who tweeted about a failed order soon received a WhatsApp from supposed Flipkart support. The 'executive' sent a QR code promising instant refund. When scanned, a payment collect request debited money from the victim’s UPI ID. Red Flags: Customer care insists on QR scanning; offers instant refunds/fixes only after scanning; support ID is not from verified social media or website; unusual urgency or emotional pressure; unknown numbers messaging on WhatsApp. Protective Measures: Contact customer service only through verified channels; never scan QR codes received from unofficial numbers or emails; do not share UPI PIN or personal details; check for verified icons and cross-verify with the brand's listed helpline. If Victimised: Inform your bank and payment app immediately; block suspicious contacts; report incident on cybercrime.gov.in and the 1930 helpline; keep screenshots and conversation evidence. Related Scams: 1) Refund fraud using payment collect requests; 2) Fake e-commerce support phishing emails; 3) 'Upgrade Your App' fake alerts from unofficial contacts.

How This Scam Works — Detailed Explanation

In the Customer Care QR Code Phishing Scam, fraudsters often employ social engineering tactics to identify and approach their victims. They may gather phone numbers from public forums or social media, targeting individuals who frequently engage with brands or services that involve UPI transactions. The scam typically begins with a message on WhatsApp, SMS, or even phone calls masquerading as customer service representatives from popular brands or payment platforms, such as Paytm or Google Pay. The message can be alarming, highlighting issues like account verification, unauthorized transactions, or pending refunds, creating a sense of urgency. They capitalize on the familiarity and trust people have with these brands to lower their defenses.

Once the fraudsters make contact, they utilize various psychological tricks to manipulate their targets into compliance. They present themselves as friendly and eager to assist, often using reassuring language. They will claim that scanning a QR code is necessary to resolve the account issue or to process a refund. Victims are led to believe that the scanned code will verify their identity or secure their financial information. The appeal is often combined with high-pressure tactics, where victims are told that immediate action is required to prevent further issues, tapping into their fears of losing access to their funds or exacerbating existing problems. This pressure typically results in victims acting quickly without considering the potential danger.

Once a victim scans the fraudulent QR code, it sets off a series of events that can lead to financial loss. The QR code is often linked to a payment request that allows the scammers to withdraw funds directly from the victim’s UPI account or linked bank account. For instance, a victim may receive a call from someone posing as an HDFC Bank representative who claims that their account is compromised and they need to verify their identity by scanning a code. After complying, victims often discover that a significant amount—ranging from ₹5,000 to ₹50,000—has vanished from their accounts, leading to panic and distress. Real cases have emerged where victims reported losing upto ₹10 crore collectively in a span of just a few months due to this scam, stressing the rampant nature of the issue.

The impact of this scam on individuals and the Indian economy has been severe. According to the Ministry of Home Affairs and data from the Reserve Bank of India (RBI), cyber fraud complaints have surged by over 300% in the last year, with significant monetary losses reported by victims. It is not just a matter of financial loss, but many victims suffer emotional trauma and a deep sense of violation. Cybersecurity organizations like CERT-In have begun to issue advisories to warn individuals about such scams, but many users, especially in urban settings, remain unaware of the precautions to take. The ease with which money can be siphoned off through UPI, paired with the limited awareness of proper verification steps, heightens the risk.

To discern between legitimate communications and scams, individuals should be alert to several red flags. If a customer service agent requests that you scan a QR code to verify any information, it is a clear warning sign. Legitimate companies typically do not require QR scans for account issues. When engaging in any financial transaction, especially related to refunds or verification, investigate the legitimacy of the requester using official helplines—like HDFC at 1800-202-6161 or SBI at 1800-11-1109. It is crucial to maintain a skeptical outlook, especially when recipients push for urgent action regarding sensitive information, which is a tactic often used by scammers to provoke anxiety and facilitate their aims.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Customer Care QR Code Phishing Scam Target?

General public across India

Red Flags — How to Identify Customer Care QR Code Phishing Scam

Customer service asks you to scan a QR code for refund
Instant solutions promised after only QR scan
Unverified or personal WhatsApp/phone numbers
Urgent language, insisting on privacy
Requests for sensitive info after scanning

What To Do If You Encounter Customer Care QR Code Phishing Scam

Report the incident immediately to the cybercrime helpline at 1930 or visit cybercrime.gov.in to file a complaint.
Contact your bank's customer service to freeze or monitor your account for any unauthorized transactions.
Educate friends and family about this scam so they are not tricked into similar situations.
Avoid sharing sensitive information over calls or messaging apps without proper verification.
Enable two-factor authentication (2FA) on all financial apps to add an extra layer of security.
Be conscious of unusual communication methods, such as personal WhatsApp or unknown phone numbers soliciting QR scans.

How to Report Customer Care QR Code Phishing Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank using the helpline number—SBI at 1800-11-1109 or HDFC at 1800-202-6161—and request to block your account. Also, report the incident to the cybercrime helpline at 1930.
How to identify a Customer Care QR Code Phishing Scam?: Look for red flags such as requests to scan QR codes for refunds, communication from unverified numbers, or urgent tones demanding immediate action. Legitimate companies won't ask you to scan a QR code for account issues.
How to report this type of scam in India?: You can report the scam to the cybercrime helpline at 1930, file a complaint on cybercrime.gov.in, and also notify your bank about the fraudulent activity.
How to recover money or protect accounts after this scam?: Immediately contact your bank to report the fraudulent transaction and request recovery. Change associated passwords and enable enhanced security features like 2FA. Monitoring your account and reporting any unusual activity is crucial.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.