Double OTP system: Haryana Police’s new shield against cyber fraud and digital arrests — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 26, 2026

Severity: MEDIUM | View Full Scam Details

Double OTP Scam in India 2026: Haryana Police’s New Shield Against Cyber Fraud

In 2026, the "Double OTP" scam remains a growing threat in India, targeting citizens through fake one-time-password requests to steal money and personal data.

What Is the Double OTP System: Haryana Police’s New Shield Against Cyber Fraud and Digital Arrests?

The Double OTP scam is a sophisticated cyber fraud method targeting Indian citizens—especially vulnerable groups like the elderly—by exploiting their trust in digital banking and government platforms. Fraudsters deceive victims into sharing not one, but two OTPs (One-Time Passwords) to bypass security layers in mobile banking apps or UPI transactions. This scam causes medium-level financial damage, rated 5 out of 10 on the risk scale, but its emotional and social impact is severe.

Haryana Police have launched an innovative "Double OTP system," a layered authentication and monitoring protocol designed to identify and stop fraudulent digital transactions in real-time. Using advanced algorithms combined with citizen reporting, this system aims to quickly detect double OTP requests that are typical in scam attempts.

The scam is widespread across Indian states, prominently including metro and semi-urban areas where digital payment adoption is high but awareness about such fraud is low. The Reserve Bank of India (RBI) and CERT-In have issued alerts in recent years about OTP-related fraud, emphasizing citizen vigilance about unsolicited OTP requests, especially in UPI and mobile banking contexts.

How This Scam Works — Step by Step

1. Initial Contact via WhatsApp or Call: Scammers identify targets through social media and public data or buy phone numbers from dark web databases. They call or message posing as bank officials, government representatives, or tech support.

2. Creating a Sense of Urgency: They claim suspicious activity on the victim’s bank account or Aadhaar-linked services, warning of immediate arrest or blocking, prompting panic.

3. Request for First OTP: To “verify” the victim’s account or Aadhaar, they ask for the first OTP sent by the bank or UPI app during a transaction or login attempt.

4. Triggering a Second OTP: The scammer initiates another transaction or app login requiring a second OTP, which the victim is tricked into sharing as well.

5. Complete Account Takeover: Using both OTPs, scammers bypass two-factor authentication and transfer money through UPI apps like Google Pay, PhonePe, or Paytm.

6. Money Drained, SIM Swapped: Scammers may also perform a SIM swap — transferring the victim’s phone number to another SIM — to intercept future OTPs, blocking victims from regaining control quickly.

7. False Promises and Follow-Ups: The fraudsters continue communication, promising police help or refunds but vanish when the damage is done.

Real Warning Signs to Watch For

• Unsolicited calls or WhatsApp messages asking for OTPs.
• Calls pressuring you with threats like arrest or account blocking.
• Requests for multiple OTPs for the same app or transaction.
• Requests to install apps remotely or share screen for “verification.”
• Poor grammar or suspicious phone numbers (not official helplines).
• Sudden SIM inactivity or loss of mobile network shortly after interaction.
• Promises of easy refunds or “official” help without proper procedure.

What Happens to Victims

Victims of the Double OTP scam suffer a double blow—financial loss often ranging from ₹10,000 to several lakhs drained instantly from bank or UPI accounts, and emotional trauma from feeling violated and helpless. Since scammers frequently misuse Aadhaar-linked services, victims may have to deal with identity theft issues, creating long-term problems for loans, credit history, or government subsidies.

Due to SIM swap fraud often accompanying this scam, victims might temporarily lose access to their phone numbers, hindering their ability to reverse fraudulent transactions or receive critical notifications. Although RBI guidelines allow UPI transaction reversal under certain fraud scenarios, many victims lose crucial time before reporting, reducing chances of recovery.

What RBI and CERT-In Say

The Reserve Bank of India has emphasized never sharing OTPs, PINs, or passwords with anyone—even if the request comes from banks, government, or police. RBI’s cyber fraud helpline (call 1800-180-1234) is open for reporting suspicious activity related to banking OTPs.

CERT-In, India’s national cybersecurity agency, advises regular updates of mobile software, awareness about SIM swap frauds, and use of app-based locking features to prevent unauthorized use. The government’s I4C (Indian Cyber Crime Coordination Centre) also promotes awareness about OTP scams via public campaigns.

Victims can report digital fraud to the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call the 1930 cybercrime helpline to initiate investigations.

How to Protect Yourself

1. Never share OTPs with anyone, no matter who they claim to be.
2. Ignore unsolicited calls or messages demanding immediate action or OTPs.
3. Enable app-specific security like UPI app passcodes and biometric locks.
4. Regularly update your phone’s OS and apps to patch vulnerabilities.
5. Contact your bank immediately if you get unexpected OTPs or alerts.
6. Avoid clicking unknown links or installing apps from untrusted sources.
7. Inform your mobile operator instantly if your SIM stops working unexpectedly (possible SIM swap).

What to Do If You've Been Targeted

• Immediately block your UPI apps and bank accounts either via customer service or using emergency features in your banking app.
• Contact your bank’s fraud department and explain the scam in detail.
• File a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in explaining the Double OTP communication.
• Call the 1930 cybercrime helpline or local police to report the incident for legal action.
• Ask your mobile operator to block or reissue your SIM if you suspect SIM swap fraud.
• Inform RBI’s banking fraud helpline (1800-180-1234) to register your complaint and seek help with transaction reversals.

Frequently Asked Questions

Q1: Can sharing the first OTP alone lead to fraud?
No. In the Double OTP scam, scammers require both OTPs to bypass authentication. Sharing one OTP might not immediately harm you, but never share even the first OTP as it is the first step toward fraud.

Q2: How does SIM swapping help scammers?
SIM swapping transfers your phone number to a new SIM card in the scammer’s possession, letting them intercept all OTPs and calls, effectively hijacking your digital identity and banking access.

Q3: What should I do if I accidentally shared OTPs?
Immediately contact your bank to block your accounts, report the fraud on cybercrime.gov.in, and call the 1930 cybercrime helpline. Time is critical—act fast to stop further loss.

Be cautious and verify every OTP request you receive. If you encounter suspicious messages or calls, always check with BharatSecure.app before taking any action. Stay safe, safeguard your money!