QR Code Scams: How a Man Stole Money at a Petrol Pump Using a Fake Google Pay QR Code
By: Javid Amin
With the increasing use of digital payments, QR code scams have emerged as a new method of theft. Recently, a 23-year-old man from Mizoram, identified as H. Lalrohlua, was arrested for a scam involving QR codes at a petrol pump in Aizawl. By replacing the legitimate QR code sticker at the station with his own, he diverted customer payments directly to his account.
The Incident at Mizofed Petrol Pump
The scam came to light when the manager of Mizofed’s petrol pump at Treasury Square, Aizawl, noticed suspicious activity. Customers’ payments were going to an unknown account, leading to a financial discrepancy at the pump. Upon investigating, the manager discovered that the QR code sticker had been tampered with, prompting him to file a complaint with the local police.
Inspector General of Police (Law and Order), Lalbiakthanga Khiangte, stated that the complaint led to an investigation, resulting in the arrest of Lalrohlua. After questioning, Lalrohlua admitted to the crime, revealing how he had printed and swapped his own Google Pay QR code with the legitimate one at the petrol station.
How the QR Code Scam Was Carried Out
Here’s a breakdown of how Lalrohlua executed this QR code scam:
- Creation of a Fake QR Code: Lalrohlua generated a personal QR code for his Google Pay account.
- Swapping with the Original QR Code: He discreetly replaced the legitimate QR code at the pump with his fake code, tricking customers into unknowingly transferring money to his account.
- Money Diversion and Customer Payments: Three unsuspecting customers made payments totaling ₹2,315 to Lalrohlua’s account. Out of this, he returned ₹890 to one of the customers, while spending the remaining ₹1,425 himself.
This method of scamming, although limited in its monetary value in this case, highlights the vulnerabilities present in QR code transactions.
Other QR Code Scams: An Example from Ahmedabad
A larger QR code scam recently surfaced in Ahmedabad, where a paint company was defrauded of ₹46.87 lakh. In this instance, a contractor used counterfeit QR codes to manipulate the company’s reward system. Here’s a summary of how it worked:
- Reward Points System Exploited: The paint company offered contractors and workers reward points for purchases, redeemable through QR codes.
- Counterfeit QR Codes Created: The accused contractor generated fake QR codes, allowing him to redeem points beyond the value of his actual purchases.
- Funds Diverted to Multiple Accounts: The fraudulent QR codes enabled him to transfer funds to 35 different bank accounts, draining the company of nearly ₹47 lakh.
This case underscores the financial losses that can result from QR code scams, especially when embedded in reward systems or other payment mechanisms.
Understanding QR Code Scams and How to Protect Yourself
QR code scams work because they exploit a small but critical vulnerability: our trust in the visual legitimacy of QR codes. By replacing genuine codes with fake ones, scammers can easily redirect funds without the user’s knowledge. Here’s what you need to know to protect yourself from QR code scams.
1. How QR Code Scams Work
- Fake Code Placement: Scammers create QR codes that link to their accounts. They then place these codes in locations where legitimate codes are used, such as at stores, petrol stations, and even charity events.
- Customer Misdirection: When customers scan the fake QR code, their payments go directly to the scammer’s account.
- Difficulty in Detection: Since most users don’t check the account details post-scan, such scams often go unnoticed.
2. Common Places for QR Code Scams
- Fuel Stations and Retail Outlets: With high transaction volume and less scrutiny, fuel stations are prime targets.
- Public Spaces and Restaurants: QR codes for menu access or donations can also be tampered with.
- Reward or Redemption Systems: Scammers target companies with point-based reward systems, redeeming fake points for cash or rewards.
3. Practical Tips to Avoid Falling Victim to QR Code Scams
- Verify the QR Code Source: Before scanning, check if the QR code sticker or display looks tampered with. Ensure it matches the branding and quality of the official business.
- Use Company-Provided Apps for Payments: Many businesses offer dedicated apps or verified platforms for transactions. Using these adds a layer of protection against fake codes.
- Enable Payment Alerts: Set up SMS or app notifications for each transaction. Immediate alerts allow you to quickly recognize unauthorized payments.
- Confirm with Store Employees: If you’re unsure about a QR code, ask store staff to confirm its legitimacy or provide an alternative payment method.
- Examine Transaction Details Carefully: Before finalizing any payment, check that the recipient details match the business name. Most UPI apps display this information before confirming a transaction.
What Companies and Authorities Are Doing to Combat QR Code Scams
In response to the rise in QR code scams, digital platforms and regulatory bodies are enhancing security measures:
- Strengthened Authentication on Payment Platforms: Apps like Google Pay, PhonePe, and Paytm are enhancing authentication processes, requiring additional user verifications for high-value transactions.
- Merchant Verification Systems: Platforms are working to implement verified merchant accounts, which allow users to see a business verification badge when making payments.
- Educational Campaigns on Digital Safety: Government initiatives and companies are educating users on safe digital practices, emphasizing caution when scanning codes and the importance of transaction verification.
- Enhanced Fraud Detection Algorithms: Payment platforms are utilizing AI to detect unusual payment patterns and flag them as suspicious. This helps in identifying and alerting users about potential scams.
What to Do If You Suspect a QR Code Scam
If you realize you’ve scanned a fake QR code, take immediate steps to secure your funds and report the incident:
- Freeze Your Account: Contact your bank to temporarily freeze your account to prevent further unauthorized transactions.
- Report to the Payment Platform: Most UPI apps have a grievance system for reporting fraudulent transactions. Reporting helps the platform take preventive actions.
- File a Police Report: In India, the National Cyber Crime Reporting Portal (cybercrime.gov.in) allows you to register online complaints about financial fraud.
- Monitor Your Accounts Regularly: Keep an eye on your account statements to detect any unusual activity quickly.
Final Thoughts: QR Code Safety in Digital Transactions
QR codes offer a convenient payment method, but users should be aware of potential risks. This incident in Mizoram is a wake-up call to consumers to stay cautious and vigilant with every digital transaction. As QR codes continue to evolve in digital commerce, understanding how to recognize and avoid scams is crucial.