A QR code is just a shortcut. It can contain a website, a UPI payment link, a phone number, a Wi-Fi password, a text message, or an app download link. A QR scam happens when that shortcut pushes you toward something you did not clearly agree to.
Common examples
- A parking QR sticker sends you to a payment page that looks official but uses a strange domain.
- A restaurant menu QR opens a fake ordering page that asks for card details before showing the menu.
- A WhatsApp offer QR says "claim cashback" and sends you to a login page that copies a bank or wallet brand.
- A UPI payment QR has the wrong receiver name, but the counter is crowded and you tap pay quickly.
- A fake KYC QR opens a page asking for PAN, Aadhaar, OTP, or banking passwords.
- An APK download QR says it is a support app, coupon app, or update app.
The risky part is the action after scanning
The square code itself is not the real danger. The danger is opening a hidden link, authorising a payment, entering private details, sending a prefilled SMS, or installing an app because the QR made it feel quick and official.
A useful habit
Before acting, check what the QR contains. Is it the business you expected? Is the receiver name correct? Is it asking for OTP, PIN, KYC, or an APK download? If the answer feels unclear, stop.
ScanRaksha on Google Play helps you preview QR contents and warning signs before you open a link, pay through UPI, or download a file. It helps with risk awareness, but it does not guarantee that a QR code is safe.