Cracked in under a minute: (nearly) every other password
INDIA — By BharatSecure Threat Intelligence Team
Verdict: Suspicious | Risk Score: 9/10 | Severity: critical
Category: phishing
How "Cracked in under a minute: (nearly) every other password" Works
This report highlights the alarming vulnerability of common passwords, with nearly half being crackable in under a minute and most within an hour. It underscores the critical need for stronger password practices to prevent unauthorized access to accounts.
How This Scam Works — Detailed Explanation
In today's digital landscape, scammers have become more adept at identifying and targeting victims through compromised online platforms. Popular applications like WhatsApp and social media sites serve as hotspots where attackers can masquerade as trusted contacts or organizations to exploit unsuspecting individuals. For instance, a fake message may be sent from a known contact, prompting the victim to click on a link that leads to a phishing site designed to steal their credentials. Given that many individuals reuse passwords across multiple services, once a single password is revealed, attackers can gain access to various personal accounts, including UPI payment platforms and banking apps.
The psychological tactics used by these cybercriminals are particularly effective. They often leverage fear, urgency, or curiosity to manipulate victims into taking hasty actions without verifying the legitimacy of the communication. For instance, a victim might receive a message claiming their bank account will be suspended unless they immediately verify their details via a link. This creates a perfect storm where the victim, in a panicked state, provides their credentials. Additionally, scammers may create a sense of familiarity by using logos and language that closely resemble reputable entities, further solidifying the illusion of trust.
Once a victim has fallen into the trap, the ramifications are severe and swift. The attacker can now access the victim's accounts, potentially draining funds from bank accounts linked through UPI or stealing sensitive information linked to their Aadhaar details. As per the National Cyber Crime Reporting Portal, many victims have reported losses ranging from ₹1 lakh to several crores due to such scams. A common scenario unfolds: the victim receives an OTP (One Time Password) for fraudulent transactions they did not initiate, and by the time they react, their accounts have already been compromised. Major lenders like SBI and HDFC report increasing cases of such breaches, causing significant distress to customers who realize they've been exploited.
The financial impact of password-related scams is staggering. According to the Ministry of Home Affairs, cybercrime incidents in India have surged, with losses reportedly exceeding ₹20,000 crores in recent years. Additionally, the Reserve Bank of India (RBI) has issued several advisories stressing the need for robust security measures. In response to overwhelming complaints, CERT-In, the government's computer emergency response team, has also published numerous guidelines for enhancing account security. The concerns are amplified by the ease with which many passwords can be cracked; research suggests nearly half of all passwords can be compromised in less than a minute, making education on this issue urgent.
For individuals to discern between scams and legitimate communications, it's vital to look out for red flags. Messages that urge immediate action, contain grammatical errors, or use vague language should raise suspicions. Additionally, legitimate organizations usually do not ask users to provide sensitive information through insecure channels or via unsolicited messages. It is essential to double-check URLs and be cautious of unfamiliar links, especially those that lead to sites requesting personal details. When in doubt, one should directly contact the supposed entity via official channels to verify any communication's legitimacy. Recognizing these signs is crucial to protecting oneself from the ever-evolving landscape of online scams.
Who Does "Cracked in under a minute: (nearly) every other password" Target?
General public across India
Red Flags — How to Identify "Cracked in under a minute: (nearly) every other password"
- passwords
- password cracking
- dark web
- cybersecurity
- account security
What To Do If You Encounter "Cracked in under a minute: (nearly) every other password"
- Report any suspicious messages or calls to the cybercrime helpline at 1930 or visit cybercrime.gov.in.
- Change your passwords immediately, especially for your email and UPI accounts.
- Enable two-factor authentication on all your accounts to add an extra layer of security.
- Monitor your bank statements and UPI transactions regularly for any unauthorized activity.
- Educate family and friends about phishing scams to help them recognize signs of fraud.
- Contact your bank's helpline (for example, SBI at 1800-11-1109 or HDFC at 1800-202-6161) to report potential fraud.
How to Report "Cracked in under a minute: (nearly) every other password" in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my OTP in a phishing scam?
  - Immediately contact your bank's helpline and report the incident. You can also visit cybercrime.gov.in to file a complaint.
- How can I identify a phishing scam?
  - Look for spelling mistakes, urgent requests for personal info, or unfamiliar links in messages. Legitimate organizations won't request sensitive details via chat.
- What is the process for reporting this type of scam in India?
  - You can report such scams by calling the cybercrime helpline at 1930 or by visiting cybercrime.gov.in to file an online complaint.
- How can I recover money or protect my accounts after this scam?
  - Contact your bank immediately to report unauthorized transactions. Change your passwords and enable two-factor authentication to secure your accounts.
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.