How to protect yourself from Deep Link QR Code Phishing via Messaging Apps?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

Deep Link QR Code Phishing via Messaging Apps

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: UPI, WhatsApp, KYC

How Deep Link QR Code Phishing via Messaging Apps Works

Overview: The Deep Link QR Code Phishing scam leverages QR codes shared in popular Indian messaging apps like WhatsApp or Telegram to directly open banking or wallet apps via special 'deep links.' By bypassing web browser security checks, these attacks sidestep common phishing warnings and directly expose users' financial apps to credential theft, unauthorized payments, or malware infection. Victims are often regular smartphone users, including students and daily wage earners, drawn in by messages promising job offers, cashback deals, or urgent payment issues. How It Works: 1. Scammers circulate messages containing QR codes and claim urgent issues like KYC expiry, instant account blocking, or attractive offers. 2. Recipients are asked to scan the QR code, which redirects them to open a banking or UPI wallet app (like PhonePe, Paytm, or Google Pay) instantly using deep link functionality. 3. In some cases, a fake login or PIN input screen is presented over the genuine app, confusing the user into revealing credentials. 4. Upon entry, the attacker obtains access to accounts and can make instant unauthorised transfers or lock out the user. India Angle: Given the dominance of WhatsApp and other messaging apps in India, and the high trust in QR code offers, this scam is rapidly spreading in both urban and semi-urban centres such as Gujarat, Maharashtra, and Tamil Nadu. The scam especially targets smartphone users aged 18-35, including job seekers, students, and gig economy workers. Real Examples: - "Your Paytm cashback is ready! Scan QR in WhatsApp to claim instantly." - "Complete your KYC in 1 minute—scan the QR code now, or account will be blocked." Red Flags: 1. QRs attached in casual chat or group messages 2. Links or QRs taking you directly into financial apps post-scan 3. Unexpected PIN or password screens after scanning 4. Urgent calls to action from unknown numbers Protective Measures: - Never trust QR codes from group chats or unsolicited individual messages - Always check the URL or in-app prompt for official branding - Log in and check notifications via the app directly instead of scanning external QRs - Use biometric or 2FA features as per new RBI/BIS guidelines If Victimised: - Contact 1930 and report the scam immediately - Change all passwords and PINs in the affected app - Freeze accounts and notify your financial provider Related Scams: - Cashback/reward claim phishing - Fake job offer links with instant app access - Account KYC update fraud

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Deep Link QR Code Phishing via Messaging Apps Target?

General public across India

Red Flags — How to Identify Deep Link QR Code Phishing via Messaging Apps

QR codes shared in WhatsApp/Telegram group chats
QR scan directly opens UPI/bank app or asks for PIN
Notifications not visible in the official apps
Urgent KYC or cashback prompts from strange numbers

What To Do If You Encounter Deep Link QR Code Phishing via Messaging Apps

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report Deep Link QR Code Phishing via Messaging Apps in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is Deep Link QR Code Phishing via Messaging Apps?: Overview: The Deep Link QR Code Phishing scam leverages QR codes shared in popular Indian messaging apps like WhatsApp or Telegram to directly open banking or wallet apps via special 'deep links.' By bypassing web browser security checks, these attacks sidestep common phishing warnings and directly expose users' financial apps to credential theft, unauthorized payments, or malware infection. Victims are often regular smartphone users, including students and daily wage earners, drawn in by messag
How does Deep Link QR Code Phishing via Messaging Apps work?: Overview: The Deep Link QR Code Phishing scam leverages QR codes shared in popular Indian messaging apps like WhatsApp or Telegram to directly open banking or wallet apps via special 'deep links.' By bypassing web browser security checks, these attacks sidestep common phishing warnings and directly expose users' financial apps to credential theft, unauthorized payments, or malware infection. Victi
How to protect yourself from Deep Link QR Code Phishing via Messaging Apps?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report Deep Link QR Code Phishing via Messaging Apps in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.