Featured

Labels
Posted by Me

Online Scams Using Fake QR Payment Screens


Online Scams Using Fake QR Payment Screens

Cashless payment has made life in Malaysia absurdly convenient. Buy nasi lemak? Scan. Pay parking? Scan. Split dinner bill? Scan. Donate at the temple? Also scan. We have collectively reached the point where many Malaysians trust a black-and-white square more than physical cash.

Unfortunately, scammers noticed.

One increasingly common fraud tactic is the fake QR payment screen scam—a trick that exploits how quickly people trust digital payment “proof” without actually verifying whether money arrived. It is simple, fast, and alarmingly effective.

Here is how it works.

How the Scam Usually Happens

A scammer buys something from a seller—often a small business, Facebook Marketplace seller, pasar malam vendor, or home-based merchant.

They then “make payment” by:

  • Showing a fake banking app/payment screen
  • Using a spoofed screenshot or edited transfer receipt
  • Using a fake QR payment app that generates convincing success messages
  • Claiming the payment is “pending” or “bank slow today”

The seller sees what looks like proof of payment, hands over the goods, and only later realises:

No money ever arrived.

Authorities and banks have repeatedly warned consumers and merchants not to rely solely on screenshots or visual payment confirmations because scammers can spoof them easily.

Why This Scam Works So Well

Because people are busy, distracted, and overly trusting of anything displayed on a smartphone.

Scammers exploit:

  • Social pressure (“Boss, I already paid lah.”)
  • Queue pressure (“Many customers waiting.”)
  • Embarrassment (Seller feels awkward double-checking)
  • Assumption that apps cannot be faked

But a screen is just a screen.

A “Payment Successful” page means absolutely nothing unless the recipient’s bank or e-wallet confirms the funds.

Common Variations of the Scam

1. Fake Transfer Screenshot

The scammer edits a screenshot to show successful payment.

2. Fake Banking App Interface

Some fraudsters use cloned/fake apps designed purely to simulate payment confirmations.

3. Delayed Excuse Scam

They claim:

  • “Interbank transfer slow.”
  • “Weekend transfer takes time.”
  • “Bank system down.”
  • “Wait 5–10 minutes.”

Then they disappear.

4. QR Code Swap / Overlay Scam

In another variation, scammers replace legitimate QR codes with their own so customers unknowingly pay the wrong recipient. This has been highlighted in scam advisories involving DuitNow/QR payments.

Who Is Most At Risk?

This scam heavily targets:

  • Small retailers
  • Hawkers / food stalls
  • Online sellers / resellers
  • Home businesses
  • Event vendors
  • Marketplace sellers meeting in person

Why?

Because many small sellers:

  • Depend on manual checking
  • Handle high customer volume
  • Lack integrated POS systems
  • Trust screenshots too easily

Scammers know this.

How to Protect Yourself

1. Never Trust Screenshots

A screenshot is not proof of payment.

Treat payment screenshots the same way you’d treat someone showing you a photo of cash and saying, “Trust me, it’s in your wallet now.”

2. Verify Funds in Your Own App/Bank Account

Always confirm payment from:

  • Your banking app
  • Merchant terminal/POS
  • E-wallet notification system

Do not rely on:

  • Customer’s phone screen
  • SMS alone
  • WhatsApp receipt image

Banks and cybercrime experts specifically advise merchants to verify incoming funds in their own account before releasing goods.

3. Check the Sender / Recipient Name

For QR payments, ensure the displayed recipient name matches the intended merchant/business before approving.

Bank and payment providers repeatedly warn users to review QR payment details before confirming.

4. Be Suspicious of “Payment Delay” Stories

If someone says:

  • “Bank problem”
  • “Transfer pending”
  • “Line slow”
  • “You’ll receive soon”

Respond politely:

“No worries—I’ll release the item once payment clears.”

That is normal business practice, not rudeness.

5. Protect Your Physical QR Codes

If you display printed QR codes:

  • Check them daily for tampering
  • Look for stickers pasted over original codes
  • Laminate/seal them where possible
  • Place them where staff can monitor them

What To Do If You’ve Been Scammed

Act fast.

Immediately:

  1. Contact your bank/e-wallet provider
  2. Call the National Scam Response Centre (NSRC) at 997 as soon as possible
  3. File a police report
  4. Preserve evidence:
    • Screenshots
    • CCTV footage
    • Chat history
    • Vehicle plate / suspect details if available

Time matters. The faster authorities are alerted, the better the chance of tracing or freezing funds.

Final Thoughts

The problem with digital payments is that they look trustworthy even when they are not.

A fake QR payment screen can be made in minutes. A forged receipt can be edited in seconds. A careless seller can lose hundreds or thousands in one moment of trust.

Technology makes transactions easier—but it also makes deception prettier.

So remember this rule:

If the money is not visible in your own account, you have not been paid.

Not “probably paid.” Not “pending.” Not “customer said already paid.”

Paid means credited. Period.

In the era of cashless convenience, skepticism is now part of customer service.

Useful Resources:

Email Post
Labels:

Comments

Post a Comment

Popular Posts