OTP & Phishing Scams

What is this scam?

OTP and phishing scams target the final security layer between scammers and your bank account. An OTP (One Time Password) is designed to be the last line of defence. Scammers use social engineering, fake websites, and urgency to extract this code from victims. Once they have your OTP, they can complete transactions, reset passwords, and take over your accounts — often within seconds.

How it works — step by step

1. 1

   Scammer calls pretending to be bank customer care, claiming your account has a 'problem' that requires urgent OTP verification.

2. 2

   A fake SMS or email with a link is sent to a cloned bank website — victim enters their login details and OTP.

3. 3

   Scammer uses 'screen mirroring' apps to see your OTP appear on your screen in real time.

4. 4

   Fake KYC update messages threaten account suspension if OTP is not shared within a deadline.

🚩 Red flags — warning signs

• ⚠️Any phone call, SMS, or message asking for your OTP — no legitimate service ever needs your OTP
• ⚠️Links in SMS or WhatsApp claiming to be from your bank — always type the URL manually
• ⚠️Urgent deadline to share OTP or 'your account will be blocked'
• ⚠️Any website where the URL is not exactly your bank's official domain

✅ What to do if you've been targeted

1. 1NEVER share your OTP with anyone — not even someone claiming to be from your bank
2. 2If you accidentally shared an OTP — call your bank IMMEDIATELY to block transactions
3. 3Report to your bank within 3 working days for zero liability refund under RBI rules
4. 4Call 1930
5. 5File complaint on cybercrime.gov.in

📋 Official resources & complaint portals

• →cybercrime.gov.in
• →1930
• →cms.rbi.org.in — RBI Ombudsman