How do I check if a QR code is safe before scanning?

Upload the QR code image to PhishGuard's QR Tools. It decodes the QR and runs the hidden URL through the full phishing scanner — checking SSL, domain age, and brand impersonation.

QRishing is a phishing attack where a malicious QR code is placed over a legitimate one — on parking meters, restaurant menus or posters — to redirect victims to fraud sites that steal credentials or UPI payments.

Are fake UPI QR codes common in India?

Yes. Scammers place fake QR codes in markets, temples, and on social media claiming to collect donations or payments. Always decode and check QR codes using PhishGuard before making any payment.

What is QR code phishing (quishing) and how widespread is it in India?

QR phishing or 'quishing' is the fastest growing scam vector in India in 2024–25. Scammers replace legitimate QR codes (at petrol pumps, restaurants, parking meters, temples donation boxes) with fake ones that redirect to phishing pages or initiate unauthorised UPI payment requests. NPCI reported a 300% increase in QR-based UPI fraud complaints in 2023. Always scan QR codes through PhishGuard before making any payment.

How do I safely check a QR code before scanning it for a UPI payment?

Use PhishGuard's QR Scanner: upload a screenshot or photo of the QR code. PhishGuard decodes the URL embedded in the QR code and runs the full 55+ phishing analysis on that URL before you visit it. Never scan a QR code directly with your UPI app without first verifying the destination URL. Legitimate UPI payment QRs from shops will always resolve to a UPI deep link, not a website asking for login.

Can fake QR codes steal my UPI PIN or bank account details?

Yes — in multiple ways. A fake QR code can: (1) redirect you to a phishing page that looks like PhonePe, Paytm, or Google Pay asking to 'verify your UPI PIN', (2) initiate a COLLECT request for payment (you think you are receiving money but you are actually sending it), (3) redirect to a fake KYC page asking for Aadhaar and bank account details. RBI and NPCI have officially warned that entering your UPI PIN is never required to RECEIVE money.

How do QR code scams work at petrol pumps and shops in India?

Scammers print their own QR code stickers and paste them over the legitimate QR codes at petrol pumps, kirana stores, and street vendors. The sticker QR looks identical to the real one. When you scan it, your UPI payment goes to the scammer's account instead of the merchant. Always verify the payee name on your UPI app before confirming. If the payee name is an individual's name rather than the business name, do not proceed.

What should I do if I already scanned a suspicious QR code and made a payment?

Act immediately: (1) Do not enter any OTP or PIN on any resulting website, (2) Screenshot the transaction reference number, (3) Call your bank's helpline within 30 minutes — RBI guidelines give banks 10 working days to investigate QR-based fraud, (4) File a complaint at cybercrime.gov.in or call 1930 (National Cyber Crime Helpline), (5) Report the QR code to NPCI at npci.org.in/what-we-do/upi/dispute-management.

Are QR codes in PDFs, emails, or WhatsApp messages safe to scan in India?

QR codes in unexpected emails or WhatsApp messages are extremely high risk. Scammers send PDFs that look like official documents (electricity bills, income tax notices, job offer letters) containing QR codes that redirect to phishing sites. Never scan a QR code from an unsolicited document. Save the image and upload it to PhishGuard's QR scanner to check the embedded URL before visiting it. CERT-In has documented multiple such PDF QR phishing campaigns targeting Indian taxpayers.

What is the difference between a static and dynamic QR code for payment safety?

Static QR codes contain a fixed URL or UPI ID embedded permanently. Dynamic QR codes are generated per transaction and can contain variable amounts. Dynamic QR codes are safer for payments as they expire and cannot be pre-replaced. However, scammers can generate dynamic QR codes for fake payment collection requests. Always check: is this QR requesting you to send or receive money? Legitimate merchants never need your UPI PIN to receive payment.

Can I use PhishGuard to decode a QR code without scanning it with my camera?

Yes — PhishGuard's QR Tools supports three input methods: (1) Upload an image file of the QR code, (2) Paste an image URL, (3) Use your device camera for real-time decode. The decoded URL is immediately passed through PhishGuard's 55+ security checks. This is the safest way to inspect QR codes from screenshots, forwarded WhatsApp messages, email attachments, and printed posters before interacting with them.

How do I identify a fake QR code sticker pasted over a legitimate payment code?

Physical signs of fake QR stickers: slightly raised edge or peeling corner, different paper texture, slightly misaligned with the surrounding frame, printing quality inconsistency. Digital verification: scan with PhishGuard and verify the payee UPI ID contains the merchant's registered business name — not a random individual's name. Always cross-check the payee name on your UPI app's confirmation screen and match it with the business name visible on the shop.

What QR code scams are most common during Diwali, festive sales, and IPL season in India?

Seasonal spikes in QR fraud include: fake Diwali cashback offer QRs on WhatsApp, fake IPL ticket booking QR codes, counterfeit charity donation QRs during disaster relief (floods, earthquakes), fake government subsidy disbursement QRs targeting rural users, and fraudulent job interview confirmation QRs asking for a 'security deposit'. PhishGuard's team updates brand impersonation detection databases before major Indian festivals and events to catch these scams faster.

Free QR Code Safety Scanner India — Decode & Check QR Links

Upload or drag a QR code image

PNG, JPG, GIF, WebP · Max 5MB

Decoded Content

Content Type

Website URL

Size

Download PNG

QRishing Attacks

QRishing is phishing via malicious QR codes. Attackers place fake QR codes on payment terminals, posters, or WhatsApp messages claiming to be UPI refunds or cashback. Always decode and scan before visiting.

India QR Safety Tips

Never scan QR codes claiming to be "receive ₹500 cashback." Legitimate UPI payments only require you to pay, not scan to receive. Verify UPI QR codes show the correct merchant name before paying.

Free QR Code Safety Scanner India — Detect Fake UPI QR Codes

QRishing Attacks

India QR Safety Tips