Payment QR Sticker Swapping Scam
INDIA — By BharatSecure Threat Intelligence Team ·
Verdict: Suspicious | Risk Score: 9/10 | Severity: critical
How Payment QR Sticker Swapping Scam Works
Overview: This scam cunningly replaces shop or public UPI payment QR codes with counterfeit ones, siphoning money to criminals when unsuspecting customers scan and pay. It impacts shoppers, parking lot users, and small merchants, and is especially dangerous because payments go instantly and are hard to reverse. How It Works: Fraudsters print fake QR codes tied to their own UPI IDs and stick them over legit ones at payment counters, canteens, parking booths, or even temple donation boxes. When someone scans and pays, believing the money is going to the shop or service provider, it actually routes to the fraudster’s account. India Angle: UPI payments are widespread across India, especially post-pandemic. QR code tags are seen everywhere: kirana stores, petrol pumps, street vendors, urban parking meters, and religious places. Both cities and semi-urban regions are impacted, as is anyone who pays using Google Pay, PhonePe, or Paytm. Real Examples: - A petrol pump in Lucknow had several complaints after customers' payments didn’t reflect, only to find fake QR stickers pasted over the original. - A South Delhi parking lot attendant discovered new QR codes pasted right over the printed board overnight. Red Flags: - Stickers with mismatched logos, blurred printing, or odd typography. - QR codes covering original codes, or stickers not aligned properly. - Merchant’s name not matching the shop or business when reviewing post-scan. - Lack of printed bill or confirmation from the business after paying. Protective Measures: - Double-check the merchant's name and number before completing payment. - Only use QR codes that are printed securely or ask the merchant to confirm. - For sizeable payments, insist on receipts. - Warn others if you spot suspicious, poorly placed QR stickers. If Victimised: - Immediately contact your bank helpline to report unintended transactions. - Report to 1930 and file a complaint at cybercrime.gov.in. - Inform the business or authority at the location about the scam sticker. Related Scams: - Fake donation QR codes on social media fundraisers. - SMS/WhatsApp payment link frauds.
How This Scam Works — Detailed Explanation
The Payment QR Sticker Swapping Scam primarily targets unsuspecting shoppers, small merchants, and users of public facilities that rely on UPI for digital payments. Scammers typically set up shop in crowded areas such as market places, parking lots, or even temples where donations are collected. Utilizing common platforms like WhatsApp, these criminals can also lure individuals through offers or fake marketing brochures. They carefully identify locations and times when merchants are least vigilant, preparing to replace genuine QR codes with counterfeit ones that link directly to their own UPI accounts.
To execute their plan, fraudsters employ various psychological tactics. They leverage urgency and trust, convincing their victims that payment methods are seamless and that there’s no chance of fraud in digital transactions. Most victims are given little time to question the legitimacy of the QR code before they proceed with the payment. Often, the counterfeit sticker is extremely well-made, making it hard for a lay-man to differentiate between the original and the fake. By creating an illusion of normalcy, these scammers effectively lower the guards of customers who are increasingly relying on the convenience of UPI transactions.
Once a victim scans the counterfeit QR code and proceeds with a payment, the money is instantaneously transferred to the scammer's UPI ID. The process leaves little room for intervention. For instance, if a shopper at a popular street market mistakenly scans a QR sticker that has been swapped, they will likely receive no confirmation from the merchant after payment completion. The criminal, who may even be present at the scene, knows the transaction is complete and can move on or wipe evidence before the victim realizes what happened. A real-life case reported by various news agencies highlighted a woman who lost ₹50,000 at a canteen counter in Delhi due to this very scam, showing how quickly victims can lose large sums of money without any recourse.
In India, the impact of such scams is significant, both financially and emotionally. Reports indicate that more than ₹200 crore was lost to various payment scams in 2022 alone, with a notable portion attributed to QR swapping frauds. The Ministry of Home Affairs and the Reserve Bank of India (RBI) have raised concerns about the rising rates of digital payment fraud, and advisories from CERT-In highlight the need for increased vigilance among both users and merchants. Knowing that these scams are relatively new and take advantage of the rapid adoption of UPI—India's leading digital payment method—highlights the critical need for public awareness and vigilance in tackling this crime.
To differentiate between authentic payment requests and scams, it is crucial to remain vigilant. Legitimate merchants will often have branded QR codes that do not look ill-fitted or mismatched with surrounding signage. If you notice a QR sticker that is poorly adhered, layered over another sticker, or does not reflect the store name correctly, it could be counterfeit. Additionally, if your payment prompts notifications that seem automated or generic without a valid confirmation from the merchant, proceed with caution. Being aware of these warning signs can help you avoid falling victim to the Payment QR Sticker Swapping Scam.
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does Payment QR Sticker Swapping Scam Target?
General public across India
Red Flags — How to Identify Payment QR Sticker Swapping Scam
- QR stickers poorly stuck on or layered over others
- No notification from merchant after payment
- Merchant name differs from shop/store
- Sticker design looks odd or mismatched
What To Do If You Encounter Payment QR Sticker Swapping Scam
- Report any suspicious QR code or payment incident to the cybercrime helpline by calling 1930.
- Notify your bank immediately if you suspect you've made a transaction to a fraudulent QR code.
- Check your bank statements for unauthorized transactions and report discrepancies to your bank's helpline (SBI 1800-11-1109, HDFC 1800-202-6161).
- Educate yourself on the safety features of UPI transactions and how to identify legitimate merchant codes.
- Share your experience on social media to warn others and raise awareness about the scam.
- Visit cybercrime.gov.in to report the incident and seek further guidance on protective measures.
How to Report Payment QR Sticker Swapping Scam in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my OTP in a UPI scam?
- Immediately call your bank's helpline to report the issue and temporarily block your UPI ID. You can also reach out to 1930 for additional support.
- How can I identify the Payment QR Sticker Swapping Scam?
- Look for poorly placed QR stickers, discrepancies in merchant names, or any unusual communication after payment. Legitimate QR codes should always be well-made and pertain directly to the merchant.
- How can I report this type of scam in India?
- You can report the scam by calling the cybercrime helpline 1930, or visit cybercrime.gov.in to file a detailed complaint.
- What are the steps for recovering money after this scam?
- Contact your bank right away to dispute the transaction and request a reversal. If funds were lost due to fraudulent QR code usage, make sure to file a report on cybercrime.gov.in as well.
Related Scams in India
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.