What is an OTP and Why is it Secret?
Think of a One-Time Password as a digital key that is valid for only one use and for a very short time, typically just a few minutes. [11] It is a unique code of four to six digits sent to your registered mobile number or email to verify that it is really
you making a transaction or logging in. [11, 12] This system is a form of two-factor authentication (2FA), adding a crucial second layer of security beyond your regular password. [9] If a fraudster steals your password or card details, they still need this time-sensitive code to access your account. [7] Sharing it is like handing over the keys to your digital vault. No legitimate company, be it a bank, e-commerce site, or government agency, will ever ask you to share your OTP. [4, 9]
The Anatomy of a Modern OTP Scam
Scammers are masters of social engineering—the art of manipulating people into giving up confidential information. [4] They create a sense of urgency or panic. [7] For instance, you might get a call from someone pretending to be a bank official, warning that your debit card is about to be blocked unless you "verify" your account by sharing an OTP you just received. [2] Other common tactics include lottery or prize scams, where they ask for an OTP to "release" your winnings, or impersonating delivery agents who need an OTP for your package. [2] These fraudsters often use sophisticated methods, including fake websites and call centres, to appear legitimate. [4] Their goal is always the same: to trick you into sharing the code that gives them access to your money or personal data. [10]
Why Chats Are a Danger Zone
The headline specifically warns against sharing OTPs in chats, and for good reason. Messaging apps like WhatsApp feel informal and private, making us lower our guard. Scammers exploit this trust. They might contact you via chat, perhaps after a SIM swap fraud where they've gained control of your number, or impersonate a friend or family member in urgent need of money. [9, 23] Once you share an OTP in a chat, the scammer has a written record. It can be screenshotted and used instantly. Furthermore, screen-sharing apps can be used by fraudsters to see your screen in real-time as you receive and type in an OTP, giving them direct access. [8] The perceived safety of a private chat is an illusion that criminals readily exploit.
Red Flags: How to Instantly Spot a Scam
Vigilance is your best defence. Treat any unsolicited request for an OTP as a major red flag. [5] Scammers thrive on creating pressure; they will rush you, saying the offer is for a limited time or that your account is at immediate risk. [5, 10] Be highly suspicious of any message or call that promises unbelievable rewards or cashback in exchange for an OTP. [2, 4] Another clear warning sign is when someone asks you to scan a QR code and then enter an OTP to "receive" money—this is often a trick to authorize a payment from your account. [2] Remember, your bank or any service provider already has your details; they don't need you to verify information by reading an OTP back to them.
What to Do If You've Shared an OTP
If you mistakenly share an OTP, you must act immediately. The first few minutes are critical. [5] First, call your bank or payment app's official customer service number (do not use a number sent by the potential scammer). Inform them of the potential fraud and ask them to block your card or account immediately to prevent further transactions. [3] Next, if money has been debited, report the incident to the National Cyber Crime Reporting Portal at cybercrime.gov.in or by calling the helpline number 1930. [3] Prompt reporting increases the chances of tracing and potentially recovering the funds. [3] Finally, change the passwords for the compromised account and any other accounts that use similar credentials.
