QR code scams likely to grow this festive season, experts say


QR code scams likely to grow this festive season around the corner, financial scams and fraudulent transactions are expected to rise. According to The Future Crime Research Foundation (FCRF), a non-profit start-up incubated at the Indian Institute of Technology (IIT) Kanpur, there has been an increase in online financial fraud related cases, including those involving quick response (QR) codes, one-time passwords (OTPs) and debit/credit card transactions. These cases make up close to 77.5 per cent of cyber-crimes in India.

In a QR code scam, a fraudster sends potential victims a QR code that appears to be for a legitimate payment. Fraudsters then tell the receiver to scan the QR code, enter the amount they want to receive, followed by an OTP (One-Time Password). Cyber experts believe that during the upcoming festive season, consumers need to be vary of such tactics. “Whenever there is an increase in consumer offers and communications (such as during the festive season), there will always be an increase in scam activity as the volume of new messages provides fertile ground for fraudsters misrepresenting trusted brands. This should also be a time where those trusted brands educate the public on potential scams,” said Nader Henein, VP Analyst, Gartner.

Another report by cybersecurity firm Quick Heal Technologies, revealed that in Q2 2023 (April to June), Kolkata, Mumbai, Pune, Bengaluru and New Delhi were the top Indian cities affected by online threats. Among the Top 10 cities, Kolkata led the list with 7.08 million threats, followed closely by Mumbai with 7.00 million threats, it said. Last month, the Bengaluru police highlighted QR code scams as one of the fast emerging fraudulent activities related to online financial transactions, with over 7,000 online cases reported in the first half of this year. Last week, the Maharashtra Police also issued an advisory for citizens, cautioning them against QR code scams.

Henein suggests that individuals should not use QR codes posted in public or provided through non-trustworthy channels. “They could be easily manipulated to send the user to a compromised site where their data could be stolen, or where they could be exposed to malware. Businesses should make it very clear, if and when they use QR codes in their consumer communications,” he said.

The exposure in India is proportional to the usage and the consumer education, he adds. “The initial hype around QR codes has softened in many countries as there was an equally large wave of abuse early on. Today they are most commonly used online to facilitate a second factor of authentication, or to transfer small amounts of data between one device and another,” he said.

According to a study by consulting firm Boston Consulting Group (BCG), QR-code payments are accepted by more than 30 million merchants in India today, a substantial increase from 2.5 million merchants five years ago. With the country’s digital payments space likely to grow more than threefold to $10 trillion by 2026, this mode of payment is expected to grow dramatically, too.

× WhatsApp