QR Code Scams and UPI: How to Stay Safe
A QR code is usually for sending money, not receiving it. If someone says “scan this QR code to get paid” or asks you to enter your UPI PIN to receive money, treat it as a scam. NPCI’s UPI Safety Shield says the UPI PIN is needed only to deduct money from your account, and QR codes should be scanned only for making a payment, not for receiving money.
This one rule prevents many QR scams:
If you scan, review the receiver name. If you enter your UPI PIN, money can leave.
How QR code scams work
Scammers use QR codes because they feel official and fast. You scan first, think later.
Common setups:
- A buyer on OLX, Facebook Marketplace, or WhatsApp says they will pay by QR code
- A fake customer support agent sends a QR code for refund processing
- A courier scammer says scanning a QR will release a parcel
- A fake UPI reward message says scan to claim cashback
- A shop or parking QR code has been replaced with a scammer’s code
- A charity, temple donation, or event QR code is copied or altered
The scam depends on confusion between “receive” and “pay.”
When QR codes are normal
QR codes are normal when you are paying:
- At a shop
- To a delivery person
- To a vendor
- To a friend after checking the name
- On a trusted app checkout page
Even then, verify the receiver’s name before entering the UPI PIN.
When QR codes are suspicious
Be careful if:
- Someone sends a QR code to “receive money”
- The person is rushing you
- The receiver name does not match
- The amount is wrong
- You are asked to enter your UPI PIN for a refund
- You are asked to install an app first
- The QR code came from a forwarded image
- The QR is pasted over an older QR at a shop
- The payment page opens outside your UPI app in a browser
If the story is about receiving money, you should not need to enter your UPI PIN.
What to check before paying
Before you approve any UPI payment:
- Check the receiver name.
- Check the amount.
- Check whether it says pay, send, collect, mandate, or autopay.
- Do not approve if the name is unknown.
- Do not approve if the scammer is on call pressuring you.
- Do not approve if you are trying to receive money.
NPCI’s UPI safety guidance also warns against installing screen-sharing or SMS-forwarding apps at the request of an unknown person.
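The checklist above, applied to the text a QR scanner decodes, as an added example that is not part of the original article and is not NPCI or Kaval code. It assumes the UPI deep-link layout `upi://pay?pa=...&pn=...&am=...`, which the article does not describe; `review_qr_payload` is a hypothetical name and every sample payload is constructed.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qs


def review_qr_payload(payload, intent, expected_name=None, expected_amount=None):
    """Return warnings for text decoded from a QR code.

    intent is what the user believes they are doing: "pay" or "receive".
    Assumes the UPI link layout upi://<action>?pa=<UPI ID>&pn=<name>&am=<amount>.
    """
    warnings = []
    if intent != "pay":
        warnings.append("QR codes are scanned to pay, not to receive money")
    url = urlsplit(payload.strip())
    if url.scheme.lower() != "upi":
        warnings.append("not a UPI link: it opens outside the UPI app")
        return warnings
    action = url.netloc.lower()
    if action != "pay":
        warnings.append(f"action is '{action}', not a one-time payment")
    params = {k: v[0] for k, v in parse_qs(url.query).items()}
    # pn is written by whoever made the code; the name the UPI app shows
    # on the confirmation screen is still the one to read before the PIN.
    name = params.get("pn", "")
    if not name:
        warnings.append("no receiver name in the code")
    elif expected_name and name.casefold() != expected_name.casefold():
        warnings.append(f"receiver name '{name}' is not '{expected_name}'")
    if expected_amount is not None and "am" in params:
        try:
            if Decimal(params["am"]) != Decimal(str(expected_amount)):
                warnings.append(f"amount {params['am']} is not {expected_amount}")
        except InvalidOperation:
            warnings.append("amount in the code is not a number")
    return warnings


# Constructed sample payloads (not real UPI IDs or merchants).
SAMPLES = {
    "shop": "upi://pay?pa=sharma@examplebank&pn=Sharma%20Stores&am=250.00&cu=INR",
    "sticker": "upi://pay?pa=xyz@examplebank&pn=R%20Traders&am=250.00&cu=INR",
    "buyer": "upi://pay?pa=buyer@examplebank&pn=Rahul%20K&am=5000&cu=INR",
    "refund": "https://refund.example/claim?id=1",
    "autopay": "upi://mandate?pa=sharma@examplebank&pn=Sharma%20Stores",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(label, review_qr_payload(text, "pay", "Sharma Stores", "250"))
```

An empty list means none of these checks fired; it does not replace reading the receiver name and amount on the UPI app's confirmation screen.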
Common QR scam examples
Marketplace buyer scam
You list a sofa for sale. The buyer says:
I will send advance payment. Scan this QR code and enter PIN to receive.
That is a payment request in disguise. If you enter your PIN, you may send money instead.
Refund scam
Someone posing as airline, courier, wallet, bank, or e-commerce support says:
Your refund is approved. Scan the QR to receive it.
Real refunds do not need your UPI PIN.
Fake shop QR
At a shop or event, scammers can paste a fake QR code over the real one. Always check the merchant name on your UPI app before paying.
If you paid through a QR scam
Act quickly:
- Take screenshots of the QR code, receiver name, UPI ID, and transaction details
- Call your bank or UPI app support through the official app
- Call 1930 if money was lost
- File a complaint at cybercrime.gov.in
- Report the scam communication on Sanchar Saathi Chakshu if it came by call, SMS, or WhatsApp
Do not send another payment if someone says it will reverse the first one.
How Kaval can help
Send the QR screenshot, payment request screenshot, or scam message to Kaval. Kaval can help identify whether the flow looks like a collect request, fake refund, marketplace scam, or impersonation attempt.
You can also read our broader guide on checking fake UPI payment requests.
Quick answer
Scan QR codes only when you intend to pay. Do not scan a QR code to receive money, and do not enter your UPI PIN for refunds, prizes, or buyer payments. If money was lost, call 1930 and report on cybercrime.gov.in.