Screen-Share Enabled OTP/PIN Theft (Remote Access Scam) — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: CRITICAL | View Full Scam Details

Screen-Share Enabled OTP/PIN Theft Scam in India 2026: Protect Your UPI and Bank Accounts Now

A rising cybercrime in India involves scammers using remote screen sharing to steal your OTPs and PINs, putting your digital payments and bank money at critical risk.

What Is the Screen-Share Enabled OTP/PIN Theft (Remote Access Scam)?

The Screen-Share Enabled OTP/PIN Theft scam is a dangerous new fraud targeting digital payment users across India. With millions relying on UPI, mobile banking apps, and Aadhaar-linked services, scammers prey on users by gaining remote access to their phones or computers. This scam often starts with an unsolicited call or message from fraudsters impersonating banks, tech companies, or government agencies like UIDAI. They claim there is an urgent issue with your account or Aadhaar details needing immediate attention.

To “help” resolve the problem, victims are asked to install remote access apps such as AnyDesk or TeamViewer and share their device screen. By doing so, scammers can watch sensitive operations in real-time, including OTP input or PIN entry, which lets them quickly drain bank accounts, authorize UPI transactions, or compromise Aadhaar-based services.

This scam has become notably widespread in India, with thousands of complaints lodged every month to cybercrime authorities like the Indian Cyber Crime Coordination Centre (I4C). The RBI and CERT-In have repeatedly warned users to avoid sharing remote access or OTPs with anyone, emphasizing the surge of remote access-based fraud calls during the pandemic and beyond.

How This Scam Works — Step by Step

1. Initial Contact: The victim receives a call or WhatsApp message claiming to be from their bank, UIDAI, or a reputed tech support team. The caller alleges urgent fraud on the victim's account or Aadhaar misuse.

2. Convincing the Victim: The caller instructs the victim to install a remote access app such as AnyDesk or TeamViewer to “fix” the problem. They claim that without remote access, they cannot protect the victim’s funds or identity.

3. Granting Remote Access: Once the victim installs the app and shares the access code, scammers can view the victim’s screen and control the device.

4. Requesting Sensitive Inputs: The scammer asks the victim to log in to their banking app or UPI app and perform certain transactions or updates. While the victim enters the OTP or PIN thinking it is secure, the scammer watches in real time.

5. Stealing Credentials and Money: Using the captured OTPs and PINs, the scammer authorizes fraudulent UPI payments, bank transfers, or even Aadhaar authentication services. They may also perform SIM swap or add beneficiaries remotely.

6. Disconnection and Silence: After draining funds or causing damage, the scammer ends the call and disconnects access. The victim later finds unauthorized transactions or loss of access to accounts.

Real Warning Signs to Watch For

• Unsolicited calls claiming urgent account, Aadhaar, or UPI issues
• Asking to install remote access apps to “fix” problems immediately
• Requesting device screen sharing or remote control permissions
• Instructing to enter OTP or PIN while on the call with remote access enabled
• Pressuring you to act quickly or threatening account suspension
• Caller number with suspicious or unrecognisable patterns (not official numbers)
• Refusal to provide official helpline or verification details

What Happens to Victims

Victims of this scam often suffer severe financial loss as scammers authorize unauthorized UPI payments or bank transfers worth tens of thousands of rupees — sometimes even lakhs. Reversing these transactions can be complicated due to RBI's time-bound dispute policies and the instantaneous nature of UPI payments.

Moreover, emotional distress from losing access to Aadhaar-linked services or SIM cards through SIM swapping is common. Victims may struggle to regain control of their bank accounts or mobile numbers, hindering OTP receipt and opening up further risk. The scam can destabilize trust in India’s digital payments ecosystem and cause long-term financial and psychological harm.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) regularly cautions users against sharing OTPs, PINs, or device remote access codes with anyone, including those claiming to be bank officials. RBI’s official helpline helps with fraud reporting.

CERT-In (Indian Computer Emergency Response Team) issues cybersecurity advisories warning about scams involving remote desktop tools and urges users to keep software updated and avoid sharing access with unknown callers.

For immediate help, victims can contact the National Cybercrime Reporting Portal of India (I4C) at cybercrime.gov.in, or call the helpline number 1930 to report such scams.

How to Protect Yourself

1. Never install remote access apps or share screen access based on unsolicited calls or messages.
2. Do not share OTPs, PINs, passwords, or Aadhaar details with anyone, even if they claim to be officials.
3. Always hang up and independently verify calls by contacting your bank or UIDAI through official helplines.
4. Regularly update your phone and banking apps to stay protected against vulnerabilities.
5. Enable UPI transaction limits and two-factor authentication where possible.
6. Avoid clicking on suspicious WhatsApp links or downloading unknown apps.
7. Keep your Aadhaar and bank details confidential, and monitor your account statements regularly for unauthorized transactions.

What to Do If You’ve Been Targeted

1. Immediately block your UPI app or bank account through the official app or helpline.
2. Contact your bank and report the unauthorized transactions. Request a blocking of further transactions and emphasis on fraud dispute process.
3. Call the 1930 cybercrime helpline or file a complaint at cybercrime.gov.in to report the scam.
4. Inform your mobile service provider if you suspect SIM swap or theft.
5. Change all related passwords, PINs, and security questions on your bank and digital services.
6. Report to UIDAI helpline if your Aadhaar details have been compromised.
7. Stay alert for phishing or follow-up fraud calls; do not engage.

Frequently Asked Questions

Q: Can scammers really access my bank account just by remote viewing my screen?
A: Yes, if you share remote access and enter OTPs or PINs during the session, scammers can authorize payments or transfers, effectively stealing money from your account.

Q: If I receive a call claiming my Aadhaar is misused, should I share remote access to fix it?
A: No. The UIDAI never asks for remote access or OTP sharing over phone calls. Always contact UIDAI directly via official channels to verify.

Q: What apps or software do scammers commonly use for this scam?
A: Remote access tools like AnyDesk, TeamViewer, or similar apps are often misused to view victims’ device screens and steal sensitive inputs.

For any suspicious message or call claiming to be from your bank, UIDAI, or government service, verify with BharatSecure.app. To report fraud, immediately call the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.