1. Preview before opening
Do not let the QR open blindly. First check whether it is a website, UPI payment, SMS, email, phone call, Wi-Fi code, contact card, or app download.
2. Check the real destination
For a link QR, look at the domain. A restaurant menu should not open an unrelated login page. A parking QR should not hide behind a strange short link. A bank or KYC QR should not use a misspelled domain.
3. Check payment details
For UPI QR codes, confirm receiver name, UPI ID, amount, and note in the payment app before entering your PIN.
4. Avoid pressure words
Be cautious when a QR mentions urgent KYC, blocked account, refund, cashback, WhatsApp prize, unpaid fee, or immediate delivery hold.
5. Avoid surprise downloads
Do not install an APK because a QR page says it is support, security, update, coupon, or verification software. Install apps from official stores whenever possible.
Simple decision rule
If the QR asks for money, OTP, PIN, password, identity details, or an app install, pause and verify through a trusted channel.
ScanRaksha on Google Play is built around this pause: decode the QR, show the important details, and explain warning signs before you continue.