OTP scams alert: Hyderabad police issue public advisory

Hyderabad: Cyber scammers are increasingly using deceptive calls, SMS, WhatsApp messages, fake customer-care numbers and phishing websites to trick citizens into sharing their One-Time Passwords (OTPs).

Once obtained, criminals gain unauthorised access to bank accounts, credit cards, digital wallets, e-commerce apps and personal data, leading to heavy financial losses and identity misuse.

How do scammers operate in OTP frauds?

Watch out for these tactics that reveal how scammers operate:

1. Fake Bank/KYC Update Calls: Fraudsters pose as bank officials and claim that the customer’s debit card, credit card, KYC or account will be blocked unless an OTP is provided.

2. Online Shopping/Cashback Scams: Criminals offer fake refunds, gift vouchers, cashbacks or points redemption and request the OTP that ‘will be received for processing.’

3. Fake Customer Care Search: Victims search for customer care numbers on Google; fraudsters pick up the call and ask for OTP for authentication or reversal of a transaction.

4. Job and Loan Fraud: Scammers assure instant loans or job approvals and ask victims to share OTPs to ‘complete verification.’

5. Fake UPI Collect Requests: Scammers tell victims they will receive money but instead send a ‘Collect Money Request’ on UPI. Fraudsters ask to approve and share OTP, resulting in the debit of funds.

6. SIM Swap/Mobile Number Fraud: Fraudsters collect personal details and OTPs to issue a duplicate SIM and take control of banking OTPs and SMS alerts.

7. E-commerce Return and Delivery Scams: Impersonating delivery executives or online marketplace agents, criminals ask for OTP under the pretext of verifying a return/refund request.

Public advisory to prevent OTP frauds

Never Share OTPs: No bank, government department, e-commerce platform, digital wallet, loan provider or delivery service ever asks for OTP.

Beware of Unknown Calls and Messages: Do not respond to calls or messages requesting OTP for card activation, KYC update, EMI relief, loan sanction, reward points or refunds.

Do Not Approve Unknown UPI Requests: Never approve collect requests or share OTP claiming that ‘money will be credited to your account.’

Verify Customer Care Numbers: Always use customer care numbers only from official websites/mobile apps — not from Google search or social media posts.

Do Not Share Screenshots of Messages: OTPs can be extracted from screenshots shared on WhatsApp or social media.

Activate Security Features such as:

- Enable SIM lock

- Enable device screen lock

- Enable bank transaction alerts

Report suspicious activity immediately

Report suspected fraud to the National Cybercrime Helpline (1930) or online at cybercrime.gov.in.