Banking & cards

Risk level: ★★★★★

OTP Fraud

OTP fraud is a significant threat to Indian citizens, particularly those who are not tech-savvy. Scammers use various tactics to trick individuals into sharing their One-Time Passwords (OTPs), leading to unauthorized access to bank accounts and loss of money. Understanding this scam is crucial for protecting your finances.

What is this scam?

OTP fraud is a type of scam where fraudsters trick individuals into revealing their One-Time Passwords (OTPs). These OTPs are used for authenticating online transactions, making them a key target for scammers. By obtaining an OTP, scammers can gain unauthorized access to your bank accounts and steal your money.

Common channels for OTP fraud include phone calls, SMS messages, and even messaging apps like WhatsApp. Scammers often impersonate bank officials or government representatives to create a sense of urgency and authority. They may also use fake apps that mimic legitimate banking applications to deceive users.

The tactics used by scammers can vary, but they often rely on psychological manipulation, such as fear of account suspension or the promise of rewards. It's essential to be aware of these tactics to protect yourself from falling victim to OTP fraud.

In India, where digital transactions are becoming increasingly popular, OTP fraud poses a significant risk. Many individuals, especially seniors and first-time smartphone users, may not be familiar with the security measures necessary to safeguard their financial information.

How it happens in real life

Ravi, a 65-year-old retiree living in Pune, received a phone call from someone claiming to be a bank representative. The caller informed him that his account was at risk of being blocked due to suspicious activity. To resolve the issue, the caller requested Ravi to share the OTP sent to his phone.

Feeling anxious about losing access to his account, Ravi complied and shared the OTP. Moments later, he received a notification that a large sum of money had been transferred from his account. Ravi realized he had been scammed, but it was too late to stop the transaction.

Got a suspicious call, message, or link? Do this immediately

These steps apply to almost every fraud in India — UPI scams, fake bank calls, job offers, investment tips, courier fraud, and government impersonation. Follow them before you share anything or pay anyone.

Stop — do not engage further

  • Hang up the call immediately — do not stay on the line out of politeness or fear.
  • Do not reply to the SMS, WhatsApp, Telegram, or email — even to say “wrong number”.
  • Do not click any link, QR code, or attachment they sent.
  • Do not call back numbers they give you — use only official numbers from your bank card or website.
  • If they claim urgency (“account blocked in 2 hours”), treat that as a scam signal and pause.
  • Tell the caller you will verify independently and end the conversation.

Never share or allow

  • Never share OTP, PIN, CVV, ATM PIN, or net-banking password — not even with “bank staff” or “police”.
  • Never approve a UPI collect request or enter UPI PIN to “receive” a refund — receiving money never needs your PIN.
  • Never install AnyDesk, TeamViewer, QuickSupport, or unknown APK files they ask you to download.
  • Never enable screen sharing or “remote help” on your phone or laptop for an unknown caller.
  • Never send photos of Aadhaar, PAN, passport, or bank statements to an unsolicited contact.
  • Never transfer money for “verification”, “processing fee”, “customs charge”, or “KYC update”.
  • Never share your SIM or swap SIM at a shop because someone on the phone told you to.

Block, delete, and disconnect

  • Block the phone number on your dialer and on WhatsApp.
  • Leave and report suspicious WhatsApp / Telegram groups.
  • Delete any app or APK you installed because they asked — uninstall fully, not just remove icon.
  • Mark the email as spam/phishing and delete it after saving evidence.
  • Turn off “Unknown caller” callbacks and do not add them to contacts.
  • If you joined a video call with them, leave immediately and close the app.

Save evidence before you delete anything

  • Screenshot the full chat, including phone number, profile name, and date/time.
  • Save SMS with sender ID and message text.
  • If safe and legal in your state, record a short clip of a repeat call for reporting.
  • Note the exact time, amount (if any), UPI ID, and transaction reference number.
  • Save emails with headers visible; forward a copy to yourself before deleting.
  • Photograph QR codes or payment pages they sent — do not scan them.
  • Write down what they claimed (bank name, department, officer name) while memory is fresh.

Verify independently — never through them

  • Call your bank using the toll-free number printed on your debit/credit card or passbook.
  • Visit your bank branch in person if large money or KYC is mentioned.
  • Open your bank or UPI app manually — never via their link — and check for alerts.
  • Search the organisation name on its official .gov.in or .co.in website, not Google ads.
  • Ask a trusted family member or friend before sending money or sharing OTP.
  • Use our message checker if you are unsure about a text or WhatsApp forward.

Protect your accounts and devices

  • Change net-banking and UPI PINs from a device you trust — not one they had you install software on.
  • Enable transaction limits and alerts in your bank app and UPI app (Paytm, PhonePe, GPay, etc.).
  • If you shared OTP or logged in on a suspicious link, call the bank fraud hotline to block cards/UPI.
  • Run a malware scan if you installed an unknown app; consider factory reset if remote access was granted.
  • Turn on two-factor authentication where available; use biometrics for UPI where supported.
  • Check your bank SMS history for unknown debits in the last 48 hours.

Report and warn others

  • Call 1930 (National Cyber Crime Helpline) if money was lost or you shared OTP/PIN.
  • File a report at cybercrime.gov.in — keep the acknowledgement number.
  • Inform your bank’s fraud desk and request account/card/UPI freeze if needed.
  • Warn family members — scammers often target the same household next.
  • Report the number to your telecom provider’s spam reporting channel (1909 for SMS spam).
  • Share a warning in your local community so others do not fall for the same script.

Also specific to this scam type

  • Do not share your OTP with anyone, regardless of the situation.
  • Immediately block the number that contacted you.
  • Delete any suspicious apps that may have been suggested.
  • Save screenshots or recordings of the conversation for evidence.
  • Verify the caller's identity through your bank's official channels.
  • Inform your family about the scam attempt to raise awareness.
  • Do not engage further with the scammer.
  • Report the incident to your bank immediately.
  • Change your passwords for online banking accounts.
  • Stay calm and think critically about the situation.

How it works — step by step

  1. Initial Contact

    The scammer initiates contact through a phone call, SMS, or WhatsApp message, posing as a bank representative or a government official. They create a sense of urgency by claiming there is an issue with the victim's account.

  2. Creating Fear

    The scammer informs the victim that their account will be blocked or that they will face legal action unless they take immediate action. This tactic instills fear and prompts the victim to comply quickly.

  3. Requesting OTP

    The scammer instructs the victim to check their phone for an OTP that has been sent for verification. They may say that this is a necessary step to secure the account.

  4. Gaining Trust

    To gain the victim's trust, the scammer may provide some personal information about the victim, such as their name or last transaction details, making it seem like they are legitimate.

  5. Sharing OTP

    Once the victim receives the OTP, the scammer urges them to share it immediately, claiming it is essential for resolving the issue. The victim, feeling pressured, shares the OTP.

  6. Unauthorized Access

    With the OTP in hand, the scammer can access the victim's bank account and initiate unauthorized transactions, leading to financial loss.

  7. Disappearing Act

    After the transaction, the scammer may cut off communication, leaving the victim confused and unable to recover their lost money.

Why this scam works

OTP fraud succeeds primarily due to the psychological manipulation employed by scammers. They create a sense of urgency and fear, making victims feel that they must act quickly to avoid negative consequences. This pressure often leads individuals to make hasty decisions without verifying the legitimacy of the request.

Additionally, scammers impersonate trusted authorities, such as bank officials, which further increases their credibility. Victims may not question the legitimacy of the request because they believe they are speaking to someone who has their best interests in mind. This combination of fear and authority makes it easy for scammers to exploit unsuspecting individuals.

Who is most at risk

Individuals who are not tech-savvy, such as seniors and first-time smartphone users, are often targeted by scammers. They may lack the knowledge or experience to recognize red flags in communication, making them more vulnerable to manipulation. Additionally, those who frequently use online banking or digital payments are at higher risk, as they may be less cautious about sharing sensitive information.

What scammers say to pressure you

  • Sir, your account will be blocked if you do not give this OTP.
  • This OTP verification is mandatory, please hurry.
  • You will get a cash reward if you complete this process.
  • If you do not give this OTP, your money will be gone.
  • This is only for your security, please trust us.
  • Your account has been hacked, that is why this is necessary.
  • This is a government initiative, you will have to help.
  • You only need one minute, please hurry.
  • If you do not do this, you will have to face legal action.
  • This message is from your bank, so you must pay attention to it.

Warning signs

  • Receiving unsolicited calls or messages asking for your OTP.
  • Pressure to act quickly or face account suspension.
  • Requests for personal information, such as your Aadhaar or PAN number.
  • Caller ID showing a different number than the official bank helpline.
  • Links to download apps that claim to help with account security.
  • Messages containing grammatical errors or unusual language.
  • Promises of rewards or cash prizes for sharing information.
  • Threats of legal action or account blocking.
  • Unfamiliar numbers calling you repeatedly.
  • Requests to share your screen or install remote access software.

Never do this

  • Never share your OTP with anyone.
  • Do not install any apps suggested by unknown callers.
  • Avoid paying any 'processing fees' for refunds.
  • Do not approve unknown UPI collect requests.
  • Never share your Aadhaar photo with strangers.
  • Do not click on suspicious links sent via SMS or WhatsApp.
  • Avoid giving personal information over the phone.
  • Do not engage with unknown callers asking for sensitive information.
  • Never trust unsolicited messages claiming to be from your bank.
  • Do not ignore your gut feeling if something feels off.

How to verify before you trust

  • Call your bank's official helpline to verify any suspicious requests.
  • Check your bank app for any alerts or notifications.
  • Do not use contact information provided by the caller; find it independently.
  • Look for official communications in your bank's app or website.
  • Cross-check any links by typing the URL directly into your browser.
  • Ask a trusted family member or friend for their opinion.
  • Be cautious of any requests for personal information.
  • Verify the identity of the caller by asking specific questions.
  • Check for any recent transactions in your bank account.
  • Report any suspicious messages to your bank immediately.

How to stay safe

  • Enable two-factor authentication on your bank accounts.
  • Regularly update your passwords and use strong combinations.
  • Be cautious of unsolicited calls or messages.
  • Educate yourself about common scams and tactics used by fraudsters.
  • Avoid sharing personal information over the phone or online.
  • Use official banking apps and websites only.
  • Do not click on links from unknown sources.
  • Keep your phone's security software updated.
  • Regularly monitor your bank statements for unauthorized transactions.
  • Inform your family about potential scams and how to avoid them.
  • Use a separate email for banking transactions.
  • Be skeptical of any offers that seem too good to be true.

Sample scam messages — do not trust these

Real frauds often arrive as SMS, WhatsApp, or calls that look official. These are typical examples — banks and government never ask for OTP, call forwarding, or remote access this way.

  • SMS

    OTP 847291 is generated for Rs 25,000 transfer. Share with bank executive on call to stop transaction.

  • SMS

    Dear customer, your account will be blocked in 2 hours. Share OTP received on SMS to verify identity.
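
The sample scam messages above differ from a genuine OTP notice in one decisive way: they ask you to share the code, while a real notice tells you not to. The sketch below is an added example, not part of the original page or of any bank's tooling. It screens a message for that request and for the other warning signs listed on this page; the patterns, the verdict names and the last two sample messages are assumptions constructed for illustration.

```python
import re

# Patterns are assumptions written for this example from the page's warning
# signs; they are not a vetted or complete ruleset.
SECRET = re.compile(r"\b(otp|pin|cvv|password)\b", re.I)
# A share verb that is not negated: genuine OTP notices say "do not share".
SHARE = re.compile(r"(?<!not )(?<!never )(?<!n't )\b(share|tell|give|send|forward)\b", re.I)
REMOTE = re.compile(r"\b(anydesk|teamviewer|quicksupport|screen ?sharing|apk)\b", re.I)
SUPPORTING = {
    "urgency_or_threat": re.compile(
        r"\b(blocked|suspended|legal action)\b|\bin \d+ (hours?|minutes?)\b", re.I),
    "reward_bait": re.compile(r"\b(reward|cashback|prize)\b", re.I),
    "link": re.compile(r"https?://", re.I),
}

def classify(text):
    """Return (verdict, signals) for one SMS or chat message."""
    signals = []
    # Decisive on its own: banks never ask for an OTP, PIN or CVV.
    if SECRET.search(text) and SHARE.search(text):
        signals.append("asks_to_share_secret")
    if REMOTE.search(text):
        signals.append("remote_access")
    decisive = bool(signals)
    signals += [name for name, rx in SUPPORTING.items() if rx.search(text)]
    if decisive:
        return "scam-likely", signals
    if len(signals) >= 2:  # weaker signs only count in combination
        return "suspicious", signals
    return "no-signal", signals

SAMPLES = [
    # The two sample scam messages quoted on this page.
    "OTP 847291 is generated for Rs 25,000 transfer. Share with bank executive on call to stop transaction.",
    "Dear customer, your account will be blocked in 2 hours. Share OTP received on SMS to verify identity.",
    # Constructed for this example: a genuine-style OTP notice and a KYC lure.
    "847291 is your OTP for a payment of Rs 25,000. Do not share it with anyone.",
    "Your account will be suspended. Update KYC now at http://example.invalid/kyc",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(classify(msg), "<-", msg[:50])
```

A "no-signal" verdict only means none of these patterns matched; it does not mean the message is safe.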

If you suspect a scam right now

  • If you receive a suspicious call, hang up immediately.
  • Do not respond to messages asking for your OTP.
  • Change your online banking passwords right away.
  • Contact your bank's helpline to report the incident.
  • Monitor your bank account for any unauthorized transactions.
  • Block the number that contacted you.
  • Inform family members about the scam to prevent them from falling victim.
  • Delete any suspicious apps that may have been downloaded.
  • Save any messages or call logs as evidence.
  • Stay vigilant and do not engage with unknown callers.

Emergency recovery

  1. Immediately call 1930 to report the fraud.

  2. Visit https://cybercrime.gov.in to file a complaint.

  3. Contact your bank to freeze your account if necessary.

  4. Change your online banking passwords and security questions.

  5. Monitor your bank statements for unauthorized transactions.

  6. Inform family members about the scam to prevent further incidents.

  7. Check if any personal information has been compromised.

  8. Consider placing a fraud alert on your credit report.

  9. Keep a record of all communications with your bank and authorities.

  10. Follow up on your complaint with the cybercrime department.

FAQ

What should I do if I accidentally shared my OTP?
If you shared your OTP, immediately change your online banking password and contact your bank to report the incident. They can help secure your account.

How can I recognize a legitimate call from my bank?
Legitimate calls from your bank will never ask for your OTP or sensitive information. Always verify by calling the bank's official helpline.

Can I recover my lost money after falling for OTP fraud?
Recovery can be challenging, but it's essential to report the fraud to your bank and the cybercrime department as soon as possible.

What are the common signs of OTP fraud?
Common signs include unsolicited calls asking for your OTP, pressure to act quickly, and requests for personal information.

Is it safe to use banking apps on my phone?
Yes, but ensure you download apps from official sources and keep your phone's security updated.

How can I protect myself from OTP fraud?
Enable two-factor authentication, avoid sharing personal information, and educate yourself about common scams.

What should I do if I receive a suspicious message?
Do not click on any links or respond. Report it to your bank and delete the message.

Are there any legal actions against scammers?
Yes, reporting scams helps law enforcement take action against fraudsters and protect others.

Can I trust messages claiming to be from my bank?
Always verify the authenticity of such messages by contacting your bank directly through official channels.

What if I receive multiple calls from the same number?
If you receive repeated calls from the same number, block it and report it to your bank or the cybercrime department.