‘Fake’ QR code pasted over real one in suspected scam at Malaysia eatery
With the increasing numbers of digital payment systems, would-be swindlers have also been keeping up with the times in executing their fraudulent methods.
One ruse was uncovered at an eatery in Seremban, Malaysia, where a suspected scammer used a stuck-on QR code to trick patrons into paying the wrong recipient.
A customer had been looking to pay for a meal with e-wallet monies at Lucky Kitchen, according to a Facebook post on Nov 26 by a friend of the restaurateur.
Upon scanning the QR code for payment, the unidentified customer was directed to transfer funds to an account purportedly owned by an individual named “Kway Hing Lai”, which raised the sharp-eyed patron’s suspicions as it was not the eatery’s name.
The eatery operator, Ms Loke Jingyi, was alerted and discovered that someone had pasted the image of another QR code over the correct mosaic, China Press reported.
“I quickly checked the QR code image and was surprised to find, after peeling it off, that it was covering the correct image,” she told the Malaysian daily. “Scanning the ‘fake’ code revealed an individual’s name as the payment recipient, not the account the outlet was using.”
Ms Loke added that she had been busy with operations since 7.30am that day and had not realised someone had tampered with the eatery’s QR payment standee that was placed at the outlet’s counter for ease of access.
She expressed relief that no one had used the Touch ‘n Go e-wallet for payment that day, meaning no losses were incurred at the outlet which had been operating for just over two months, selling a variety of banmian dishes.
The Touch ‘n Go system uses Malaysia’s DuitNow QR codes, which allows not just Malaysians but also travellers from Singapore, Thailand and Indonesia to make payments via their own participating bank accounts and e-wallets.
A friend of Ms Loke’s posted about the incident on Facebook as a cautionary tale to other business owners offering payments by digital methods, hoping to alert them to this suspected scam method and also seek leads about Kway Hing Lai.
A Facebook friend managed to dig up an address, phone number and photo purportedly belonging to the swindling man’s Touch ‘n Go account, which requires personal details for verification and usage.
But the man had not been seen that day, according to Ms Loke.
While many social media users urged the eatery operator to make a police report, others posited the possibility that this was a practical joke meant to incriminate “Kway”, as scanning the QR code instantly revealed the name of the would-be recipient.
Facebook commenters cast doubt on whether anyone would be that brazen to attempt a scam that would divulge his personal details.
For now, the lesson for Ms Luo is to keep the QR payment standee beyond the reach of passers-by, and to install a speaker system that would audibly announce each time a payment had been received.
“Even though this will be more troublesome and involve some additional steps, prevention is the best way to avoid the scenario where the customer has paid but the retailer cannot receive payment - a lose-lose situation,” said the operator of Lucky Kitchen.