What to Do If You Shared an OTP With a Scammer

· Anuranjan Vikas · 4 min read
otpscamsbankingguide

If you shared an OTP with a scammer, act immediately. Call your bank or payment app if the OTP was linked to money. Change the password for the account involved. Log out of other sessions. Turn on two-factor authentication. If money moved, report it on cybercrime.gov.in or call 1930 as soon as possible.

An OTP is not “just a code.” It is often the final key that confirms a login, payment, password reset, WhatsApp registration, or card transaction.

The right move depends on what the OTP was for.

If the OTP was for banking or card payment

Call your bank now. Use the number from the official bank app, card, or website.

Tell them:

  • You shared an OTP by mistake
  • The time it happened
  • The amount, if any transaction happened
  • The merchant or recipient name, if visible
  • The phone number or message that asked for the OTP

Ask them to:

  • Block or review the transaction
  • Block the card if card details were exposed
  • Reset net banking access if needed
  • Check for new beneficiaries or suspicious login attempts

If money was debited, file a complaint on cybercrime.gov.in or call 1930. Fast reporting can help banks and law enforcement try to stop or trace the movement of funds.

If the OTP was for UPI

UPI scams often confuse people because scammers say “enter PIN to receive money” or “approve this request to verify.”

NPCI’s UPI safety guidance is clear: you enter your UPI PIN only to send money, not to receive it. It also says not to share UPI PIN with anyone and to verify the receiver’s name before paying.

If you shared a UPI OTP or approved something suspicious:

  • Open your UPI app
  • Check recent transactions
  • Remove unknown mandates or autopay instructions
  • Check linked bank accounts
  • Call your bank if money moved
  • Report financial fraud through 1930 or cybercrime.gov.in

Also block the scammer in the UPI app if the app gives that option.

If the OTP was for WhatsApp

This is usually an account takeover attempt.

The scammer may say:

I accidentally sent a code to your number. Please forward it.

That code is often for registering your WhatsApp account on their phone.

Do this:

  1. Open WhatsApp on your phone
  2. If you are logged out, try to register your number again
  3. Enter the fresh OTP that WhatsApp sends you
  4. Turn on two-step verification in WhatsApp settings
  5. Warn close contacts from another channel if your account was taken over

WhatsApp two-step verification adds a PIN that helps stop future takeovers.

If the OTP was for Gmail, Apple, Instagram, Facebook, or another account

Change the password immediately.

Then check:

  • Logged-in devices
  • Recovery email
  • Recovery phone number
  • Connected apps
  • Email forwarding rules
  • Recent security activity

Log out of devices you do not recognize.

For email accounts, check forwarding rules carefully. Attackers sometimes add a rule that silently forwards all incoming mail to them. That lets them keep seeing password reset emails even after you change your password.

If you do not know what the OTP was for

Look at the OTP message itself. It usually names the service or action.

Search for words like:

  • Login
  • Password reset
  • Transaction
  • Device registration
  • UPI
  • Card
  • WhatsApp
  • Verification

If the message is vague, treat it as high risk. Change the password for your main email first, then check bank and UPI apps.

What not to do

  • Do not send another OTP to “cancel” the first one
  • Do not trust anyone who says they are from the bank and needs the next code
  • Do not install a screen sharing app
  • Do not share screenshots of OTP messages
  • Do not wait until morning if money is involved

Scammers often call again after the first OTP. They may say the transaction can be reversed if you share one more code. That is almost always another trap.

What to say to family

Use simple wording:

No one needs an OTP from you. Not the bank, not WhatsApp, not a courier company, not customer care. If someone asks for an OTP, the answer is no.

For older parents, save this as a note on their phone:

OTP means money or account access. Never share it. Call family first.

How Kaval can help

Forward the message or screenshot to Kaval. Kaval can tell you what the OTP appears to be for and what to do next.

Example:

This OTP is for WhatsApp registration. If you shared it, open WhatsApp and register your number again. Then turn on two-step verification.

Or:

This OTP is for a card transaction. Call your bank now and report the scam on 1930 if money moved.

When you are stressed, a specific next step beats a long explanation.

Quick answer

If you shared an OTP, assume the related account or transaction is at risk. Secure that account, call your bank if money is involved, and report financial fraud through 1930 or cybercrime.gov.in. Never share a second OTP to “fix” the first one.