Mizoram man uses QR code to steal money from petrol pump. What happened next?
The accused printed his own bank account's Google Pay QR code and pasted it over the legitimate one displayed at the petrol pump.
A 23-year-old man was arrested in Mizoram's Aizwal on Sunday for stealing money from a petrol pump by replacing the QR code sticker, news agency PTI reported.
The manager of Mizofed's petrol pump at Treasury Square registered a complaint with the police stating that the bunk's payment QR code had been replaced by a miscreant around 3 pm on Sunday.
Mizoram Inspector General of Police (Law and Order) Lalbiakthanga Khiangte said the police launched an investigation and detained an individual based on suspicion.
Also read: Law graduate caught stealing ₹3.5 lakh from temples with clever QR code trick
The man was identified as H. Lalrohlua, a resident of Lunglei's Hrangchalkawn who currently lives in Aizawl's Armed Veng locality. The police thoroughly questioned the man, who confessed to the crime. The police also said the man has no history of crimes or similar offences.
According to the report, Lalrohlua allegedly printed his bank account's Google Pay QR code and pasted it over the legitimate one displayed by the Mizofed, a public sector undertaking.
After pasting his QR code, the accused reportedly received ₹2,315 in three transactions. Interestingly, he also repaid ₹890 to one of the payees and spent the remaining amount of ₹1,425, police said.
How Quishing works?
QR codes are one of the most common ways scammers can trick users. Scammers exploit the ease of QR code use, directing users to phishing sites and risking sensitive data theft.
A scam is called quishing when scammers and other bad actors steal money, personal information, or sensitive data and infect devices by distributing altered QR codes meant to mimic legitimate companies.
The attacker creates a QR code that links to a phishing site designed to appear authentic. The malicious QR code might be placed in public places (like restaurants or stations), pasted over legitimate QR codes, or shared in emails and messages.
When an unsuspecting person scans the code, they’re directed to the attacker’s phishing site, where they may be prompted to enter personal or financial information. Once the user inputs their information, the attacker can capture, use, or sell the data.
(With PTI inputs)