+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Quishing on the rise – Be alert while scanning payment QR codes

Jan 18, 2024, 14:03 IST
Business Insider India
Representational imageCanva
  • Quishing or the use of QR codes to steal money and personal information has been on a rise in India.
  • Nearly half of UPI-related frauds in 2023 reportedly involved the use of QR codes.
  • Here’s everything you need to know about quishing and how to protect yourself from such scams.
Advertisement
Digital payments have grown by leaps and bounds in India over the past few years, with unified payments interface (UPI) making it easier to pay on the go. While UPI has made payments easier, scammers have also kept abreast with technology to come up with new ways to defraud people.

The latest deceit has scammers resorting to quishing to steal money, personal information and committing identity theft.

What is quishing?



You may have heard about terms such as phishing, card skimming, email spoofing and more. But quishing is a rising scam that involves the use of fake QR codes to redirect the user to a fake website or to steal information.

According to a report, complaints related to UPI frauds have increased from 15,000 cases in 2022 to over 30,000 in 2023. Of this, nearly half of the cases reportedly involved QR codes

Advertisement

It’s not just UPI, QR codes have been in use for a long time now, be it for sharing information about a product or sharing a digital menu at some restaurants.

QR code frauds have also risen in countries like the US, with the Federal Trade Commission (FTC) issuing an alert, cautioning users about harmful links in QR codes.

Here’s how quishing works



In quishing, the scammer generally asks the victim to scan a QR code using the camera, which then redirects the user to a website created by the scammer. This website is generally an imitation of a genuine website, be it an e-commerce platform, a bank or other platforms that deal with important personal and financial information.

Then, the website asks the user to enter their personal information or account details. When the user enters this information, the information is sent to the scammer, who can use this information to steal money or commit identity theft.

Advertisement
In some instances, these QR codes also prompt the victim to enter their UPI PIN to send money. When the user enters their UPI PIN, the scammer receives it and can use it to steal money.

Not just this, QR codes may also include malicious files, which are automatically downloaded when the user scans the code. This may infect the user’s smartphone and steal their personal information without them even knowing.

How to protect yourself from quishing?



Here are some steps you can take to protect yourself:

  • Avoid scanning QR codes when you are not aware about who has placed it, especially in public areas which can be accessed by anyone.
  • Do not scan QR codes if you receive them from unknown people in a message or email.
  • Avoid scanning QR codes shared on social media, as they may contain malicious files.
  • When scanning a QR code that includes a link, inspect the URL before clicking on it.
  • If the QR code includes a shortened URL, avoid clicking on it unless you trust the source.
  • If a QR code leads you to a website, ensure that it is authentic and ensure it is not a phishing attempt.
  • Do not share personal information after you visit a website by following a QR code if you are not certain about its authenticity.
Other scams you need to be aware about –

Advertisement
ScamHow it works
PhishingInvolves creation of fake websites to obtain personal and financial information.
VishingInvolves the use of fraudulent phone numbers to obtain personal and financial information.
PharmingThis involves redirection of users from a genuine website to a fake website.
SmishingInvolves use of text messages to obtain personal and financial information.
SkimmingInvolves duplication of debit or credit card, allowing the scammer to steal money.

SEE ALSO:

Samsung Galaxy S24 series with Galaxy AI debuts starting ₹79,999

Apple beats Samsung for the first time since 2010, tops global smartphone shipments

OnePlus 12 with the Snapdragon 8 Gen 3 launch in India on Jan 23 – everything we know so far
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article