What is OTP Fraud and How Do Scammers Execute This?
OTP fraud is a scam where fraudsters trick their targets into revealing their one-time password (OTP). If you don’t know, then let us tell you that OTP is usually required as verification to complete financial transactions or access accounts. These OTPs are sent by the bank through SMS or email. Only after submitting these, the transaction is completed or the account is logged in.
It acts as an extra security layer in the security system, ensuring that only authorized users can perform sensitive tasks. However, scammers take advantage of people’s lack of awareness, and often pose as legitimate employees of banks or service providers to gain access to this number. Once the OTPs are shared, scammers use them to transfer payments to their own accounts or, in some cases, log into the user’s account on their own devices.
Scammers use many different tactics to trick individuals into sharing their OTP. To establish trust, they often pose as bank representatives, customer service agents or even government officials. To further strengthen trust, they sometimes even make phone numbers similar to toll-free or official bank numbers. To pressure the victim into revealing the OTP, fraudsters pretend to have a fake problem with their account or pretend to offer them attractive rewards. In some cases, they also use phishing websites or apps that resemble the official portal to trick users into entering their OTP and personal information.
How to Avoid OTP Fraud
According to CERT-In, to avoid such frauds, keep the following information in mind:-
Be wary of calls that look similar to toll-free numbers of any bank or authorized company.
Do not share any personal information like credit/debit card details, CVV, OTP, account number, date of birth, debit/credit card ending numbers etc. with unknown persons over phone/online.
Always visit the official website of the bank or any authorized company and verify the number from which the call/SMS is received.
Do not share OTP over phone calls, emails and SMS for cashback, reward points or any such offers.