🔍 UPI & QR Code Scams
📖 SECTION 1: Full Fraud Flow – Anatomy of the Scam
⚙️ Stage 1: Reconnaissance
- Criminal collects targets from:
  - OLX, Justdial, social media (seller data)
  - WhatsApp groups, Telegram leaks
  - Phonebook exports via fake apps
  - Job/loan ad respondents
⚠️ Stage 2: Social Engineering
| Tactic | Example |
|---|---|
| Authority Bias | “I’m from Bank/Police/Delivery” |
| Fear | “Account freeze – verify by UPI now” |
| Urgency | “Limited time cashback/refund” |
| Greed | “You’ve won ₹10,000, scan QR to claim” |
| Trust | Uses logos of NPCI, RBI, Paytm, etc. |
🧷 Stage 3: Delivery Mechanism
| Channel | Method |
|---|---|
| | Fake QR image, GPay link |
| SMS | fake-upi.in/pay/username, disguised with shorteners |
| Email | “Secure UPI Verification” HTML mail |
| QR Poster | Scam QR stuck over original (temples, shops, hospitals) |
🧪 SECTION 2: QR & UPI Technical Breakdown
✅ UPI Real Flow (For receiving payment)
- Sender opens UPI app
- Enters receiver’s UPI ID
- Enters amount
- Authenticates with UPI PIN
- Money goes to receiver’s VPA → bank
✅ No QR scan or PIN is needed by the receiver.
❌ Fake Flow Created by Scammer
- Scammer sends UPI “Collect request” disguised as QR or link
- Victim scans QR/link → opens UPI app
- Enters UPI PIN, thinking they’ll receive money
- But it’s a debit request → funds transferred to scammer’s VPA
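Added example (not part of the original page): a check that can be run on the text decoded from a QR code to see who gets paid before any UPI app opens. It assumes the QR has already been decoded to a string and that a UPI QR carries the standard `upi://pay` deep link with `pa`, `pn`, `am` and `tn` parameters; the function name, flag names, lure-word list and sample payloads are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Lure words drawn from the scam scripts described on this page (constructed list).
LURE_WORDS = {"refund", "cashback", "won", "prize", "claim", "receive", "verify"}


def inspect_qr_payload(payload: str) -> dict:
    """Report what a decoded QR string will do when opened, before anyone scans it."""
    parts = urlsplit(payload.strip())
    report = {"action": None, "payee_vpa": None, "payee_name": None,
              "amount": None, "flags": []}
    if parts.scheme.lower() != "upi":
        # Not a UPI intent at all: the QR opens a web page or another app.
        report["flags"].append("not_upi")
        report["action"] = "open " + (parts.netloc or payload.strip())
        return report
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    report["action"] = parts.netloc.lower()   # "pay" for a payment intent
    report["payee_vpa"] = q.get("pa")         # pa = payee address (VPA)
    report["payee_name"] = q.get("pn")        # pn = payee name shown in the app
    report["amount"] = q.get("am")            # am = pre-filled amount
    if report["action"] == "pay":
        # A pay intent debits whoever scans it; the scanner never receives money.
        report["flags"].append("scanner_is_payer")
    if not re.fullmatch(r"[\w.\-]+@[\w.\-]+", q.get("pa", "")):
        report["flags"].append("bad_or_missing_vpa")
    text = (q.get("tn", "") + " " + q.get("pn", "")).lower()
    if set(re.findall(r"[a-z]+", text)) & LURE_WORDS:
        report["flags"].append("lure_wording")   # note/name promises incoming money
    if "am" in q:
        report["flags"].append("amount_prefilled")
    return report


# Constructed sample payloads (not real accounts).
SAMPLES = [
    "upi://pay?pa=helpdesk.refund@examplebank&pn=Order%20Refund%20Desk"
    "&am=38000&cu=INR&tn=Claim%20refund",
    "upi://pay?pa=shop.counter@examplebank&pn=Corner%20Store&cu=INR",
    "https://fake-upi.in/pay/username",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_qr_payload(sample))
```

A `scanner_is_payer` flag together with `lure_wording` is the pattern in the refund and "you've won" cases: the text promises incoming money while the intent is a debit.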
🔧 Behind the Scenes: Tools Scammers Use
| Tool/Platform | Purpose |
|---|---|
| UPI QR Generator | Generates QR linked to scammer’s wallet |
| Fake Payment Screenshot Generator | Fools seller: “I’ve paid” |
| Link Shorteners | Hide phishing URLs (bit.ly, cutt.ly) |
| Custom Domains | Fake bank/govt look-alike sites (e.g., verifyupi-ind.in) |
| Malicious APKs | Fake UPI apps that steal SMS/OTP |
| Telegram Bots | Auto-send QR + payment link to victims |
🎯 SECTION 3: Real Case Studies (2023–2025)
🎭 Case: Fake Buyer on OLX
- Victim listed a bike for ₹25,000.
- Buyer sent QR code to “pay advance.”
- Victim scanned & entered PIN → ₹25,000 debited.
🚖 Case: Cab Driver QR Tampering
- At Mumbai airport, a scammer pasted a QR code on the cab sticker.
- 10+ passengers paid fares to the scammer’s UPI.
📦 Case: Zomato Delivery Refund Scam
- Victim tweeted food complaint.
- Fake “Zomato support” called.
- Sent QR refund code → ₹38,000 stolen in 3 mins.
⚖️ SECTION 4: Legal Remedies & FIR Drafting
🛡️ Applicable Sections
| Law | Description |
|---|---|
| 66D IT Act | Impersonation via electronic communication |
| 420 IPC | Cheating & dishonestly inducing delivery of property |
| 66C IT Act | Identity/data theft |
| 468 IPC | Forgery of digital documents (like payment proof) |
| 43A IT Act | Failure of secure systems (if app/bank leaks data) |
🧾 FIR Must Contain:
- Description of scam
- Screenshots of chat, payment message
- UPI ID, Transaction ID, mobile number of fraudster
- Victim’s bank statement
- Device used (IMEI)
- Date/time of occurrence
🕵️ SECTION 5: Investigation Techniques for Cyber Cell
🔍 Trace UPI VPA to Real Account
- Using bank KYC via backend
- Contact Paytm, PhonePe, GPay Nodal Officer
- Find:
  - Registered name
  - Linked number
  - Device IMEI & IP
  - Linked accounts via NPCI logs
🧠 Key Tools & Platforms
| Tool | Use |
|---|---|
| UPI Explorer (internal) | NPCI backend used by banks |
| QR Scanner Metadata | Decode the data encoded in the QR |
| Shodan.io/Censys.io | Locate phishing server |
| MobSF | Scan malicious APK |
| Kali Linux – URLSnarf | Log web phishing traffic during bait |
| Telegram Open Bot Channels | Track fraud networks using bots |
🛡️ SECTION 6: Full Prevention Checklist
| Action | Why Important |
|---|---|
| ✅ Scan QR Only from Trusted Sources | Avoid altered/unknown QR codes |
| ❌ Never Enter UPI PIN When Receiving Money | PIN is only for sending money |
| 🔒 Enable App Locks & Biometrics | Extra protection for Paytm/GPay |
| 📱 Install Real-Time Antivirus | Detect malicious apps/links |
| 🧾 Check Merchant Name Before Paying | Watch for suspicious UPI names |
| 🧠 Educate Yourself & Employees | Awareness is the best firewall |
| 📴 Report Lost Phone Immediately | Block UPI via Bank Helpline |
📢 SECTION 7: Cyber Awareness Campaign Content (Ready-to-Use)
You can request the following custom material for your awareness drives:
| Resource | Format |
|---|---|
| 🔰 Infographic | UPI Scam vs Legit Flow |
| 📽️ 1-minute Video Script | “Why QR Codes Can Steal Your Money” |
| 📄 FIR Draft | For victims in local language |
| 📊 PowerPoint | For college/business awareness workshops |
| 🎨 Poster | “Safe QR Use Guide” in English/Marathi/Hindi |
| 📘 E-Booklet | “Top 10 Digital Frauds & How to Avoid” (PDF) |
| 📍 Real QR Samples | Fake vs Real for display board training |
📞 Where to Report (India)
- Dial 1930 immediately (Cyber Fraud Helpline)
- File complaint at: https://cybercrime.gov.in
- Notify your bank, request transaction hold or refund under RBI Loss Liability Framework
- File FIR under IPC + IT Act (section details above)
🛡️ Cyber Security Help is Just a Call Away!
📚 Training | 🧠 Awareness | 👨‍💻 Expert Consultation
📞 Suyash Infosolutions
📲 +91 93217 00024 WhatsApp
🕙 Timing: 10 AM – 5 PM (Mon–Sat)
✅ Stay Safe. Stay Smart. Stay Secure.
🌐 www.cyberinfo.space