You’re at a local market, ready to pay for your groceries. The vendor holds up a QR code. You open your phone, scan it, enter the amount, and hit “Pay.” A second later, you get a confirmation. Simple, right? It’s the magic of UPI that has made our lives so convenient.
But what if that simple scan was the moment your bank account started emptying itself?
A dangerous new wave of UPI scams (QR code scams 2025) is targeting millions of Indians, and it all revolves around that innocent-looking black-and-white square: the UPI QR code. These aren’t the old-fashioned phishing links; they are sophisticated, social engineering tricks that can leave you financially devastated in the blink of an eye.
The good news? You can fight back against these UPI payment fraud or QR code scams . By understanding the scam and tweaking a few crucial settings on your UPI app, you can build a fortress around your money. Let’s break it down.
UPI frauds are scams where cybercriminals trick people into making unauthorized transactions through the Unified Payments Interface (UPI) system. These frauds don’t usually happen because of a weakness in UPI itself (it’s highly secure and regulated by the National Payments Corporation of India – NPCI), but because of social engineering—fraudsters fooling users into approving payments without realizing it.
What Are UPI Frauds?
🔹 Common Types of UPI Frauds:
QR Code Scams
Fraudsters share a QR code and claim it’s for receiving money, refunds, or rewards. In reality, when you scan and approve, you end up paying them.Fake Customer Support Calls Scammers pretend to be bank/UPI representatives and trick you into sharing your UPI PIN, OTP, or installing remote-access apps.
Phishing Links Fraudsters send fake payment links (via SMS/WhatsApp/email). Clicking them may lead to a fake UPI app or automatically debit your account.
Screen-Sharing Scams Using apps like AnyDesk or TeamViewer, scammers ask victims to share their screen, then steal UPI credentials and authorize payments.
Cashback/Reward Scams Victims are told they’ll receive cashback or prizes by scanning a QR code or approving a request—but instead, money is deducted.
Why QR Code Frauds Are Rising in India:-
India is experiencing a record-breaking boom in digital payments with UPI facilitating billions of transactions each month. Among them, QR code payments have emerged as the most convenient option for both merchants and customers alike. Be it tea stalls or shopping malls, paying by scanning a QR code is second nature now.
But with this ease comes a shadow. Cybercriminals have moved swiftly and fast, taking advantage of loopholes in people’s awareness instead of the UPI system itself. Scams like fake QR codes, phishing scams, and social engineering stunts are being employed to get people trapped into making transfers unwittingly.
How the “Scan-to-Pay” Becomes a “Scan-to-Steal”
- First, let’s unMYSTIFY the UPI fraud scam. You believe you’re on the verge of getting money, but you’re actually approving a payment.Let’s take a typical scenario:The Phony “Helping Hand”: A scammer impersonating a bank representative, a delivery guy, or even someone who might be interested in buying from you on a platform like OLX calls you. They tell you that they need to confirm your account or need to send you a refund/advance payment.They ask you to scan a QR code in order to receive the money. They are very convincing and professional-sounding.The Horrific Consequence: The QR code that they send you is not one to receive money—it’s a “Collect” or “Request Money” QR code.
The moment you scan it and enter your UPI PIN, you are not receiving funds; you are authorizing a payment from your account to theirs. Your money is gone in an instant. coz this was the digital payment scams.
The scam works because we’re conditioned to think of QR codes as a tool for paying others. Scammers exploit this trust and our momentary confusion.
Your Digital Shield: 5 Non-Negotiable UPI Safety Settings
You don’t need to know a lot about technology to keep yourself safe. You just need to be a vigilant user. Enable (UPI fraud alert) these five settings on your UPI app (like PhonePe, Google Pay, Paytm, or your bank’s app) right now.
1. Enable Transaction Notifications & App Lock (The First Alarm)
This is your first line of defense. Ensure every single transaction, no matter how small, triggers an immediate SMS and a push notification on your phone. Do not ignore these! They are real-time alerts if something is wrong.
How to set it up: Go to your UPI app’s settings > Notifications > Turn everything ON. Also, enable Biometric Login or an App Lock PIN/Face ID so no one can open your payment app even if they have your phone.
2. Set a Low Daily Transaction Limit (The Spending Cap)
Why does your account need the ability to send ₹1 lakh in a day if you only ever spend ₹5000? Most banks and UPI apps allow you to drastically reduce your daily transaction limit. This acts as a circuit breaker. Even if you get scammed, the thief can only drain a limited amount.
How to set it up: Log into your net banking portal or your bank’s mobile app. Look for “UPI Transaction Limit” or “Daily Spending Limit” and set it to the lowest comfortable amount for your daily needs.
3. Disable the “Override Mode” (The Power Switch)
This is a critical one. Some UPI apps have a feature that allows a user to bypass the daily limit for a single transaction by entering their UPI PIN again. Scammers love this. If you can, TURN THIS OFF.
How to set it up: This setting is often found in the “UPI Settings” or “Payment Controls” section of your banking or UPI app. If you can’t find it, a quick call to your bank’s customer care to disable “Single Transaction Override” is worth its weight in gold.
4. Enable “Scan and Pay” Confirmations (The Double-Check)
Before any payment is finalized, your app should show you a clear confirmation screen with the exact payee name (not just a handle!) and the amount. Never, ever skip reading this screen.
How to set it up: This is usually enabled by default, but ensure you haven’t accidentally turned off any “review payment” prompts in your settings.
5. Review Linked Accounts & Active Sessions (The Housekeeping)
Periodically, check which bank accounts are linked to your UPI ID and which devices are logged in. If you notice a device you don’t recognize, log out of it right away.
How to set it up: In your UPI app, go to Settings > Linked Accounts / Bank Accounts to review. For active sessions, look for “Logged-in Devices” or “Session Management” in the profile or security section.
Beyond Settings: Cultivate Safe Habits
Technology is only half the battle. Your awareness is the other half.
The Golden Rule: You NEVER scan a QR code to RECEIVE money. The only thing you should ever scan is a merchant’s “Pay” code. Receiving money requires no action from you. Means if you are receiving from anywhere money nothing to do by you.
Your UPI PIN is Sacred: Never share it with anyone. Ever. Not even if someone says they’re from your bank. A real bank executive will never ask for it.
Verify the Source: If you get a QR code via message or email from an unknown number, be extremely suspicious. Verify the request through an official channel.
When in Doubt, Don’t: If a call, message, or situation feels even slightly off, just hang up and call your bank’s official customer care number (from the back of your card or their official website).
- Use MobiArmour app (Paid) : – MobiArmour protects your digital life in real time from the threats of malware attacks, phishing websites, social networking scams, financial fraud, and fake QR codes. Some of its best features include.
Additional Safety Tips:-
Never scan a QR code sent by strangers, no matter how genuine it looks.
Double-check merchant names before making payments.
Update your UPI app regularly to benefit from security patches.
Educate family members, especially the elderly, who may be less tech-savvy.
By activating these settings now, you are asserting strong control over your financial well-being. Do forward this to your family and friends—particularly new users of digital payments. A few minutes’ setup may save them a lifetime of remorse.
Disclaimer: The information provided here is for general educational purposes only and does not constitute financial or security advice. While we strive for accuracy, UPI processes and scam tactics change frequently. Always confirm safety settings with your bank or UPI provider directly, and exercise caution with all transactions. We are not liable for any financial loss or damage resulting from the use of this information.
FAQ: Your UPI Safety Questions, Answered
Q1: I’ve been UPI scammed! How to complain UPI transaction fraud?
A: Act instantly. First, call your bank’s 24-hour customer care helpline (UPI fraud helpline number) and ask them to block your UPI access and debit card. Then, file a complaint on the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) or call the helpline 1930. The sooner you report, the higher the chance of recovering your funds.
Q2: Are UPI payments safe? Should I stop using them?
A: UPI itself is a very secure and robust system developed by the NPCI. The vulnerability is not the technology but social engineering—tricking users into making a mistake. You don’t need to stop using UPI. You just need to use it wisely by following the safety practices outlined above.
Q3: How can I tell if a QR code is for ‘collecting’ money?
A: This is the tricky part. Visually, they look identical. You cannot tell by looking. This is why the rule is absolute: never scan a code from an unverified or unexpected source, especially if someone tells you it will put money into your account.
Q4: My bank’s app doesn’t have all these settings. What should I do?
A: The availability of settings like “override disable” can vary. Your best bet is to:
Call your bank and specifically ask them to lower your UPI transaction limit and disable any override feature.
Consider using a major third-party UPI app (like PhonePe or Google Pay) that often provides more granular user control and security features.
Q5: Can a scammer access my account just by me scanning a code?
A: No, not just by scanning. The critical step that drains your account is you entering your UPI PIN. Scanning the code alone is like giving someone your account number; it’s not enough to transact. The PIN is the final key. Never enter it unless you are 100% certain you are making a payment to a trusted recipient.