In India, QR codes are everywhere. Buying chai? QR code. Paying for parking? QR code. Donating at a temple? Yep, another QR code. Restaurant menu, you get the picture! Also, what got me thinking about this blog – paying a bribe, yes – I kid you not, QR code. It’s magical, frictionless, and feels like the future. Until you realize it’s also a perfect setup for scams.

Here’s the thing: a QR code is just a black-and-white blob that hides a URL. You don’t know where you’re going until you scan it. That makes it a dream for phishers—“quishing,” as the security folks call it. Trend Micro recently flagged a surge in QR-based phishing, where you scan a code and land on a slick fake payment site. By the time you notice, your money’s gone.

And the physical hacks are even sneakier. In Mohali, scammers literally pasted their own QR stickers over real ones at scooter shops. In Nagpur, fake “donation” QR codes at a shrine siphoned money into private accounts. It’s the oldest trick in the book: swap the address label, redirect the cash. Only now the label is a QR code, and nobody looks twice.

This isn’t a niche problem. According to Indian government data, QR frauds have exploded in the past two years, with tens of thousands of scams reported (Dragonfly Intelligence, 2024). The trust model is broken because QR codes look official, but they’re just ink.

How to Stay Safe

• Use scanners that preview the URL.
• Inspect for stickers slapped over the original.
• Never scan mystery codes in email or WhatsApp.

So what do you do? Treat QR codes like any sketchy link.

---