As digital payments become increasingly popular across India, the dark side emerges with a surge in scams related to the Unified Payment Interface (UPI). The convenience of making payments on the go is now a breeding ground for fraudsters utilizing a technique known as “quishing” to pilfer money and personal information from unsuspecting UPI users.
Source: SoSafe
The Quishing Phenomenon:
In recent years, the exponential growth of digital payments in India has been accompanied by a concerning increase in scams targeting UPI users. The rise of quishing scams, a newer form of digital fraud, involves scammers exploiting QR code scanning and UPI to stealthily abscond with users’ money and personal details, leaving behind minimal digital traces.
Source: LinkedIn
Understanding Quishing:
Distinct from traditional phishing scams, quishing introduces a fresh approach wherein scammers employ fake QR codes to entice individuals to deceptive websites, ultimately aiming to pilfer sensitive bank account information. The reported cases of UPI fraud complaints have surged from 15,000 in 2022 to over 30,000 in 2023, with approximately half of these complaints attributed to QR code scams, according to Times of India.However, quishing is not confined solely to scanning QR codes for UPI payments; any QR code directing users to a third-party website poses a potential risk to their finances and personal data.
Source: HTC
How Quishing Operates and Protective Measures:
Typically, a quishing scam unfolds when a scammer prompts a user to scan a QR code using their phone camera, redirecting them to a deceptive website. This site may mimic a legitimate e-commerce or banking platform, coaxing individuals into divulging personal information or bank details.
To exacerbate the threat, certain QR codes may request the user’s UPI PIN under the guise of verification. Once obtained, scammers exploit this information to drain the victim’s bank account. Some QR codes also embed malicious files or mirror software, granting scammers access to all the data stored on the victim’s phone.
To safeguard against quishing scams, it is imperative not to scan QR codes received from unfamiliar sources. Caution should be exercised when scanning QR codes on social media platforms, as they may harbor malicious files. Furthermore, individuals are advised against clicking on unfamiliar links that may emerge post-scanning. Exercise caution, especially when encountering shortened URLs in QR codes, and refrain from clicking unless the source is trusted.
