QR Code + Fake App Installation Scam
Verdict: Suspicious | Risk Score: 9/10 | Severity: critical
Category: UPI, WhatsApp, KYC
How QR Code + Fake App Installation Scam Works
Overview
This scam involves tampered QR codes placed in public places or shared digitally, tricking victims into installing counterfeit UPI apps. Once installed, these fraudulent apps mimic legitimate payment providers but capture sensitive data through fake 2FA prompts or keyloggers. Even tech-savvy users are at risk if they don’t diligently verify app sources, making the scam especially threatening in urban and semi-urban India where QR payments are popular.
How It Works
1. Scammer places a printed or digital QR code on posters, shop counters, or as images in WhatsApp groups.
2. When the user scans the code, it triggers a download of a lookalike UPI app (APK) that is not available in the Google Play Store or App Store.
3. The app prompts the user to set up "mandatory 2FA" or complete a KYC, requesting UPI credential entry alongside OTP or PIN.
4. Hidden in the background, the app may request device permissions (SMS, notifications, contacts), allowing it to intercept 2FA codes or keylog sensitive input.
5. Credentials are sent to the scammer, who executes unauthorized UPI transactions.
India Angle
Adopters of digital payments in India, especially shopkeepers, small business owners, and working youth, are frequently targeted. Scams tend to concentrate in highly urbanized centers (Mumbai, Delhi, Bengaluru, Pune), as well as growing market towns. The malicious QR code tactic is also spreading via local WhatsApp groups.
Real Examples
- At a juice shop, a customer scans the displayed QR. Instead of getting a Paytm payment prompt, their phone opens a "security app" to proceed with QR payment.
- A WhatsApp message reads: "New RBI-approved UPI app. Setup required for cashback: scan QR to download."
Red Flags
- Apps prompting download from outside official stores
- Unexpected requests for device permissions (SMS, notifications, contacts)
- Merchant names or UPI VPAs differ from shop’s display name
- [NAME_REDACTED] trusted payment app workflows
Protective Measures
- Only scan QR codes you trust—prefer those displayed within official apps
- Never install UPI/banking apps from links or unauthorised QR scans
- Block apps asking for excess permissions; uninstall suspicious apps
- Use Play Store or official website for payment app downloads
- Set device locks and biometric security on your phone
If Victimised
- Immediately uninstall the fake app and change your UPI PIN
- Alert your bank, report to 1930 helpline and cybercrime.gov.in
- Set up new device credentials and conduct a device malware scan
Related Scams
- Fake Cashback or Reward Apps
- Play Store Lookalike Apps
- Device Takeover via Remote Apps
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does QR Code + Fake App Installation Scam Target?
General public across India
Red Flags — How to Identify QR Code + Fake App Installation Scam
- Prompts to install UPI app outside of Google Play Store/App Store
- App requests SMS, contacts or notification access
- QR scan leads to unfamiliar site or app
- Merchant names don’t match the physical shop
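One way to check what a scanned QR code decodes to against the red flags above (an added example, not BharatSecure's code). A genuine UPI payment QR carries a upi://pay URI with the payee VPA in "pa" and the payee name in "pn", while the scam QR carries a web link to an app download. The function name, flag labels and sample payloads are constructed for illustration, and the exact name comparison is a deliberately strict heuristic.

```python
from urllib.parse import urlsplit, parse_qs


def _norm(text):
    """Lower-case and collapse whitespace so 'Fresh  Juice' == 'fresh juice'."""
    return " ".join(text.lower().split())


def triage_qr_payload(payload, shop_display_name):
    """Return the red flags found in a decoded QR string (empty list = none)."""
    flags = []
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()

    if scheme != "upi":
        # A payment QR should never need a browser or an app install.
        flags.append("not-a-upi-payment-uri")
        if scheme in ("http", "https"):
            flags.append("opens-web-link")
            # A link can also redirect to an APK later; the web link itself
            # is already flagged above for that reason.
            if parts.path.lower().endswith(".apk"):
                flags.append("apk-download-outside-store")
        return flags

    if parts.netloc.lower() != "pay":
        flags.append("unexpected-upi-action")

    params = parse_qs(parts.query)  # also decodes %20 etc.
    vpa = params.get("pa", [""])[0]
    payee_name = params.get("pn", [""])[0]

    if vpa.count("@") != 1 or not all(vpa.split("@")):
        flags.append("missing-or-malformed-vpa")
    if _norm(payee_name) != _norm(shop_display_name):
        flags.append("payee-name-mismatch")
    return flags


# Constructed sample payloads (not taken from real incidents).
SAMPLES = [
    "upi://pay?pa=freshjuice@examplebank&pn=Fresh%20Juice%20Corner&cu=INR",
    "https://downloads.example/secure-upi.apk",
    "upi://pay?pa=someoneelse@examplebank&pn=R%20Kumar",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_qr_payload(sample, "Fresh Juice Corner"))
```

An empty result only means the payload looks like an ordinary payment request to the named shop; the app-permission red flags still have to be checked on the device.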
What To Do If You Encounter QR Code + Fake App Installation Scam
- Do not click any links or share personal information
- Block and report the sender immediately
- Report at cybercrime.gov.in or call 1930
- Inform your bank if financial details were shared
How to Report QR Code + Fake App Installation Scam in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- How to protect yourself from QR Code + Fake App Installation Scam?
- Do not click any links or share personal information. Block and report the sender immediately. Report at cybercrime.gov.in or call 1930. Inform your bank if financial details were shared.
- How to report QR Code + Fake App Installation Scam in India?
- Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.