The QR code may be printed on a poster, pasted on a parking board, shown in a WhatsApp image, or placed on a fake support page. Once scanned, it can send you to a page that looks like a bank, wallet, delivery company, restaurant, telecom provider, or government service.
Common QR phishing stories
- "Your KYC is expired. Scan this QR to update now."
- "Scan for a restaurant discount, then log in with your wallet number."
- "Scan this WhatsApp offer QR to claim a free gift."
- "Scan to download the customer support APK."
- "Scan to pay parking fine today or pay extra tomorrow."
What the fake page wants
It may ask for OTP, card details, UPI PIN, net banking password, PAN, Aadhaar, email password, or permission to install an app. A phishing page usually pushes urgency: blocked account, expiring reward, missed delivery, unpaid parking, or failed KYC.
Watch the request, not just the logo
A copied logo is easy. A strange domain, urgent words, OTP request, payment PIN request, or APK download is the part worth noticing.
ScanRaksha on Google Play helps preview QR links, redirects, and risky download signals before you open the page.