In a disturbing example of how blind trust in digital payments is being exploited, Delhi Police have exposed a sophisticated QR code manipulation scam inspired by a South Indian film. The North District Cyber Police Station has arrested a 19-year-old youth from Jaipur, identified as Manish Verma, who allegedly duped traders across India by altering QR codes using AI-based tools—without changing the shopkeeper’s displayed name.
According to investigators, the scam was executed with precision, ensuring that when customers scanned the QR code, the payment appeared legitimate but was silently diverted into the accused’s bank account.
QR Code Altered Using AI, Shopkeeper’s Name Left Intact
Police revealed that Manish contacted shopkeepers and commercial establishments across India, posing as a customer interested in making advance payments. He would request the shop’s QR code on WhatsApp under the pretext of confirming a purchase.
Once he received the QR image, the accused:
- Uploaded the QR code into an AI-based image editing application
- Technically relinked the QR payment destination to his own bank account
- Retained the original shopkeeper’s name on the QR display to avoid suspicion
The manipulated QR code was then sent back to the shopkeeper, who believed it to be authentic.
Saved QR Codes Became the Weapon of Fraud
Investigators found that many shopkeepers or staff members saved the QR code image in their mobile gallery for repeated use. This became the critical vulnerability.
Every time a customer later scanned the same saved QR code, the payment was unknowingly transferred directly into Manish’s bank account.
Using this method, the accused:
- Targeted over 100 traders across India
- Siphoned off several lakh rupees
- Allowed transactions to go unnoticed for weeks, as shopkeepers assumed delays were technical issues
Chandni Chowk Transaction Uncovered the Entire Scam
The fraud came to light after a major transaction in Chandni Chowk, Delhi.
According to Deputy Commissioner of Police (North District) Raja Banthia, the cyber police received a complaint on December 13, 2025, involving a loss of ₹1.40 lakh.
The complainant stated that:
- A lehenga worth ₹2.50 lakh was sold
- ₹1.40 lakh was paid via QR code
- The amount was debited from the buyer’s account but never credited to the shopkeeper
This discrepancy triggered a technical investigation.
Digital Trail Led Police to Jaipur
Transaction analysis revealed that the diverted funds were credited to a bank account located in Jaipur, Rajasthan.
Based on this lead:
- A police team was dispatched to Jaipur
- The accused was arrested from Thali village in Chaksu area
- During interrogation, Manish confessed to the fraud
From his mobile phone, police recovered:
- Over 100 manipulated QR codes
- Chat histories with shopkeepers
- Screenshots of altered QR images
- Transaction logs and payment records
Inspired by Film, Technique Learned Online
During questioning, the accused disclosed that he got the idea after watching the South Indian film ‘Vettaiyan’, which depicted cyber-enabled financial crimes.
He further admitted that he:
- Downloaded AI image-editing applications
- Learned QR code manipulation techniques via YouTube tutorials
Manish is reportedly Class 10 pass and was unemployed at the time of committing the offences.
Police Advisory: QR Codes Must Be Treated as Live Instruments
Following the exposure of the scam, Delhi Police issued a strong advisory to traders and consumers:
- Always use live, on-screen QR codes during transactions
- Avoid accepting payments via gallery-saved QR images
- Verify bank credit confirmation before handing over goods
Officials warned that QR codes should be treated like live financial instruments, not static images.
Conclusion
The case highlights a dangerous evolution in cybercrime, where AI-powered tools are being weaponised to exploit trust in digital payments. What makes the scam particularly alarming is that visual confirmation alone is no longer reliable—even when the shopkeeper’s name appears correct.
As India’s digital payment ecosystem expands, vigilance, real-time verification, and updated awareness are no longer optional safeguards. This case serves as a stark reminder that convenience without verification can come at a heavy cost.
