Bank OTP call asking for code just sent — what to do if it's a scam?

Imagine this all-too-common scenario in India: your phone rings, displaying a number that might even look legitimate, or at least not immediately suspicious. The caller on the other end speaks in a professional, authoritative tone, claiming to be from "your bank" – perhaps SBI, HDFC, ICICI, or a regional cooperative bank. They might use your full name, adding a layer of authenticity to their deception. The narrative they weave can vary. Often, they'll create a sense of urgency or concern. They might say there’s a "suspicious transaction" on your account that needs immediate verification, an "account block" due to an expired KYC, an "undisbursed refund" from a recent online purchase, or even an "account upgrade" for better interest rates or features. The core of their strategy, however, remains the same: they need an OTP. Crucially, while they are talking to you, they are simultaneously initiating a transaction or a password reset request on your bank account from their end. This action triggers your bank to send a legitimate One-Time Password (OTP) to your registered mobile number. The scammer knows this OTP is coming and will direct you to read it out to them, claiming it's for "verification," "confirmation," or "authorisation" of the action they just mentioned. They'll often pressure you, saying the OTP is "time-sensitive" or that "your account will be frozen" if you don't comply immediately. Once you provide that OTP, the game is over. That single code is the key they need. It could authorise a large transfer from your savings, approve a payment to a digital wallet, or allow them to change your online banking password, locking you out of your own account. Because the OTP originated from your actual bank and was voluntarily shared by you, the fraudulent transaction often bypasses immediate fraud detection systems, making recovery extremely difficult. The scammer disappears, and your money is gone, often transferred quickly through multiple accounts to obscure its path. This speed and the direct, immediate loss make the OTP Sharing Trick one of the most high-risk scams currently targeting bank customers in India.

• Unsolicited Calls About Your Bank Account:** Your real bank will almost never call you out of the blue to ask for personal details or OTPs, especially if they are saying there's an urgent issue.
• Demand for OTP, PIN, or Password:** Any call asking for an OTP, UPI PIN, ATM PIN, or Internet Banking password is a definitive scam. Banks *never* ask for these over the phone, email, or SMS.
• Sense of Urgency or Threat:** Scammers frequently use high-pressure tactics, threatening account suspension, transaction failure, or other dire consequences if you don't comply immediately.
• Caller Initiates the OTP Generation:** If a caller is on the line and *then* an OTP arrives on your phone, be extremely suspicious. They've likely triggered it.
• Verification of a "Suspicious Transaction" You Didn't Make:** While banks do monitor for suspicious activity, they will ask you to visit a branch or use secure official channels, not ask for OTPs over the phone to "verify."
• Requests to Download Any App:** Be wary if they ask you to download any remote access app (like AnyDesk, TeamViewer QuickSupport) for "assistance." This gives them control over your phone.

• Never Share Your OTP:** This is the golden rule. An OTP is like the key to your digital locker. Banks will *never* call you and ask for it. Treat every OTP as confidential and for *your eyes only*.
• Verify the Caller Independently:** If you receive a suspicious call claiming to be your bank, disconnect immediately. Do not call back the number that called you. Instead, look up your bank's official customer care number from their website or your passbook and call them directly to verify the information.
• Read OTP SMS Carefully:** Before entering any OTP, always read the accompanying message. It clearly states what action the OTP is for (e.g., "OTP for a transaction of ₹5000", "OTP for password reset"). If it doesn't match what you intend to do, *do not share it*.
• Be Skeptical of Offers or Threats:** If an offer sounds too good to be true, it probably is. If a threat creates immediate panic, it's likely a scammer trying to manipulate you.
• Keep Your Contact Details Updated:** Ensure your bank has your latest mobile number and email ID so you receive legitimate alerts and can contact them reliably.
• Educate Elderly Family Members:** Scammers often target more vulnerable populations. Take time to explain these scams to your parents and grandparents in simple terms.

• Do NOT Share the OTP:** If you suspect it's a scam call and an OTP arrives, absolutely do not share it. Disconnect the call immediately.
• Hang Up Immediately:** If a caller pressures you for an OTP, hang up. Don't engage, don't argue, just terminate the call.
• Contact Your Bank's Official Helpline:** Immediately inform your bank about the attempted fraud by calling their official customer service number (usually found on their website, ATM, or bank passbook). You can also use their official fraud reporting options.
• Report to the National Cybercrime Helpline (1930) and Portal (cybercrime.gov.in):** If you have shared an OTP and lost money, report the incident immediately. The sooner you report, the higher the chances of recovering funds, as banks can sometimes put a hold on transactions.
• Block the Number:** While not foolproof (scammers use multiple numbers), blocking the scammer's number can prevent future harassment from that specific contact.
• Change Your Banking Passwords:** As a precautionary measure, change your internet banking, UPI, and other financial passwords if you suspect your details have been compromised in any way.