PhonePe refund QR scam – caller asking to scan code, what to do?

Imagine this scenario: you've just made a UPI payment, perhaps for groceries, an online order, or a bill. Suddenly, your phone rings. The caller identifies themselves as a representative from PhonePe, GPay, or your bank, sounding professional and helpful. They inform you that your recent UPI transaction has "failed" or "got stuck" and that a refund is due. To process this refund, they claim, you need to follow a few simple steps. The crucial step they insist upon is "scanning a QR code" or "clicking a link" they will send you. They might even try to sound urgent, saying the refund window is closing soon. Here's the trick: when you scan the QR code they send, or click the link, you are not initiating a refund. Instead, you are approving a payment *to* the scammer. UPI applications often have a "Scan to Pay" feature. The QR code provided by the scammer is cleverly designed to initiate a "collect request" or directly approve a payment *from* your account. The moment you enter your UPI PIN after scanning, you authorize a transaction, transferring your money directly to the scammer's account. They might even walk you through the process, guiding you to accept the "refund" which is actually a "debit" request. Some sophisticated scammers may even share a screenshot of a fake "refund processing" page to gain your trust. They exploit the common understanding of QR codes for payments, reversing the intent to steal your funds instead of refunding them. Once the money is gone, it's incredibly difficult to recover, as UPI transactions are instantaneous.

• Unsolicited Calls About "Failed Transactions":** If you receive a call about a failed transaction you weren't aware of, or even one you were, and the caller demands immediate action, be suspicious. Reputable companies rarely call customers for transaction failures that require sensitive actions like scanning QR codes for refunds.
• Insistence on Scanning a QR Code for a Refund:** This is the biggest red flag. UPI platforms like PhonePe, GPay, or any bank will *never* ask you to scan a QR code to *receive* money. Scanning a QR code is almost exclusively for *sending* money.
• Requests for UPI PIN or OTP (One-Time Password) for a Refund:** Similarly, you never need to share your UPI PIN or an OTP to *receive* money. These are always for *authorizing payments* or *making changes* to your account.
• Urgency and Pressure Tactics:** Scammers often create a sense of urgency ("refund valid only for 10 minutes," "your account will be blocked if you don't comply") to prevent you from thinking clearly or verifying the information.
• Grammar and Spelling Errors in Messages:** If they send you messages or links, look for poor grammar, spelling mistakes, or unprofessional language.
• Asking You to Download Remote Access Apps:** Some scammers might try to trick you into downloading apps like AnyDesk or TeamViewer, giving them remote access to your phone. This is extremely dangerous.

• Always Verify, Never Trust Blindly:** If you receive a call about a transaction issue, hang up and directly contact your bank's official customer care number or the support portal of your UPI app (PhonePe, GPay). Do not use numbers provided by the caller.
• Remember: Receiving Money Never Requires a QR Scan or UPI PIN:** To receive money via UPI, you only need to provide your UPI ID (VPA). You never need to scan a QR code or enter your PIN. Always be wary if someone asks you to do these things for a refund.
• Understand How UPI Works:** Educate yourself on the legitimate functions of UPI. QR codes are for *sending* money. UPI PIN is for *authenticating payments*. An OTP is usually for *authorizing sensitive actions*.
• Do Not Click on Suspicious Links or Scan Unknown QR Codes:** These could lead to phishing websites designed to steal your credentials or initiate unauthorized payments.
• Protect Your UPI PIN and OTP:** Never share your UPI PIN or any OTP with anyone, under any circumstances. They are your digital signature for financial transactions.
• Check Your Transaction History:** Regularly review your UPI transaction history in your app to identify any unauthorized activities.

• Do NOT Scan the QR Code or Click the Link:** Your first and most important step is to simply refuse. Do not engage further.
• Immediately Disconnect the Call:** Don't argue with the scammer. Just hang up.
• Block the Number:** Add the scammer's number to your phone's block list to prevent future calls.
• Report the Incident:**
• National Cybercrime Helpline:** Immediately call 1930 or visit www.cybercrime.gov.in to report the attempted fraud. Provide all details like the caller's number, time of call, and what they claimed.
• Your Bank/UPI App:** Inform your bank and the respective UPI platform (PhonePe, GPay) about the attempted scam. They might be able to flag the number or raise a general alert.
• Inform Others:** Share your experience with family and friends to prevent them from falling victim to similar scams.