OTP Fraud India
Scammers posing as bank executives, courier agents, and government officials call to steal your OTP — and drain your account within minutes.
How OTP Fraud Works
Fake Bank Executive Call
Caller claims to be from your bank's fraud department. Says your account has suspicious activity and they need to "verify" your identity by sending an OTP. They have your partial account details (often purchased from data brokers) to sound credible. The OTP authorises a fund transfer to a mule account.
Courier / Parcel Scam
"A package is stuck at customs — pay a small fee to release it." They send you a payment link and ask for the OTP that arrives on your phone to "verify" the transaction. The OTP actually authorises a debit from your account.
SIM Swap Attack
Fraudster contacts your telecom provider with your Aadhaar or date of birth, requests a SIM replacement claiming the old one was lost. Once the swap is complete, all SMS OTPs are delivered to the attacker, not you. Your phone loses signal — that is the warning sign.
Screen Share / Remote Access
"Tech support" asks you to install AnyDesk or TeamViewer to "fix" a banking issue. Once you install it, they watch your screen live and capture the OTP when it arrives. Never give remote access to anyone claiming to help with banking.
Warning Signs
Unsolicited call claiming to be your bank
Caller asks you to share or read out an OTP
Urgency — "your account will be blocked in 10 minutes"
Asks you to install a remote access app
Phone loses network signal unexpectedly (SIM swap sign)
Caller already has partial personal/account details
Request to "verify" by making a ₹1 test transaction
SMS OTPs arriving for transactions you did not initiate
Frequently Asked Questions
Can sharing an OTP lead to money being stolen from my bank account?
Yes — immediately and completely. An OTP shared with a scammer gives them one-time access to authorise a transaction or change your internet banking password. Fraudsters typically act within 60 seconds of receiving an OTP. Never share an OTP with anyone, including callers claiming to be from your bank, RBI, or courier services.
What is a SIM swap attack and how does it steal my OTP?
In a SIM swap attack, the fraudster calls your telecom provider impersonating you, provides your Aadhaar or date of birth, and convinces the operator to transfer your mobile number to a new SIM they control. Once successful, all SMS OTPs meant for you are delivered to the attacker. Signs: your phone loses network signal unexpectedly. Immediately call your telecom provider if this happens.
Why does my bank say they never ask for OTPs?
Your bank already has access to your account — they do not need your OTP to help you. OTPs are designed specifically so that only you can authorise a transaction. Any caller claiming to be from a bank who asks for your OTP is definitively a fraudster. This applies to all banks: SBI, HDFC, ICICI, Axis, Kotak, and all others.
What should I do if I shared an OTP with a scammer?
Act within minutes: (1) Call your bank immediately to block the account or card — use the number on the back of your card, not the number provided by the caller. (2) Call 1930 — the national cybercrime helpline. (3) Change your internet banking password from a secure device. (4) File a complaint at cybercrime.gov.in with the phone number and transaction details.