The “Scan to Receive Money” Scam on OLX & UPI: How to Recover Lost Funds

by

You posted an old sofa or bike on OLX. Within minutes, you got a call. The buyer didn’t negotiate. They just said, “I am sending you the money on Google Pay/PhonePe. Scan this QR code to receive the payment.”

You scanned it. You entered your PIN. And instead of receiving ₹5,000, you saw: “Debit: ₹5,000 via UPI.”

If this happened to you, you are not alone. This is the Reverse QR Code Scam, and in 2025, it is costing Indians crores of rupees daily.

In this CSNR Cyber Awareness guide, we explain the mechanics of the scam and the exact steps to take in the first 60 minutes (The Golden Hour) to get your money back.

The “Army Officer” Script

Scammers know you trust authority. The most common script involves the scammer posing as an Indian Army Officer or CISF Jawan who has been “transferred” to your city.

  1. The Proof: They send photos of a fake Army ID card and canteen card on WhatsApp.

  2. The Urgency: They claim they cannot come physically to pick up the item because they are “on duty,” so they will send a generic courier.

  3. The Trick: They say, “Army accounts have a special rule. You must scan this QR code to verify your bank account before I can credit the money.”

The Golden Rule: You NEVER need to enter your UPI PIN to RECEIVE money. PIN is only for SENDING money.

Immediate Recovery Plan (The Golden Hour)

Time is your enemy. If you act within 1 hour, your chances of recovery are 80%. If you wait 24 hours, it drops to 10%.

Step 1: Call 1930 Immediately

Do not call your branch manager. Do not go to the police station yet.

  • Dial 1930 (National Cyber Crime Helpline).

  • This connects you to the Citizen Financial Cyber Fraud Reporting System.

  • Why it works: When you report the fraud transaction ID here, the system alerts the receiver’s bank to freeze the money in the scammer’s account before they can withdraw it or transfer it to crypto.

Step 2: File a Dispute on the NPCI Portal

If the helpline is busy, bypass the bank customer care (which is often slow) and go to the source: NPCI (National Payments Corporation of India).

  1. Go to the official NPCI Website.

  2. Navigate to: What we do > UPI > Dispute Redressal Mechanism.

  3. Fill in the Transaction ID, Bank Name, and select “Fraudulent Transaction” as the reason.

  4. This creates a formal ticket that your bank must resolve under RBI guidelines.

While you fix your finances, ensure your phone isn’t compromised. Read our guide on How to Check If Your Phone Has Been Hacked.

How to Spot the “Reverse QR” Scam

Before you scan anything in the future, look for these red flags:

  • “Merchant” Name: When you scan the code, does it show a person’s name (e.g., “Rahul Kumar”) or a weird business name (e.g., “Online Liquor Store”)? Scammers often use stolen merchant QR codes.

  • The £1 / ₹1 Trick: They will send you ₹1 first to “build trust.” Then they ask you to send ₹5,000 to “verify” the reverse transaction.

  • Whatsapp Audio Calls: They will almost always call on WhatsApp Audio, never a normal cellular call, to hide their location.

What if the Money is Gone?

If the “Golden Hour” has passed and the scammer has emptied the account:

  1. File an FIR: Go to cybercrime.gov.in and file a formal e-FIR. You will need screenshots of the chat, the fake ID proof they sent, and the transaction ID.

  2. Cyber Insurance: Check your bank account features. Many premium savings accounts (like HDFC Classic/Preferred or ICICI Wealth) include complimentary Cyber Fraud Insurance up to ₹50,000. You might be covered without knowing it.

Conclusion: UPI is safe; users are vulnerable. The technology isn’t hacked—your psychology is. Remember: If you have to enter a PIN, money is leaving your pocket.

Leave a Comment

© 2025 Marketer • Built with GeneratePress

Privacy Policy

Terms

Contact