How to protect yourself from OTP Harvesting via KYC Fraud Calls?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

OTP Harvesting via KYC Fraud Calls

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, KYC, Phishing

How OTP Harvesting via KYC Fraud Calls Works

Overview: OTP harvesting through KYC fraud calls is a tactic used by scammers to trick Indians into revealing one-time passwords (OTPs) by pretending to be from banks, UPI providers, or government bodies. These calls often carry a sense of urgency and exploit regulatory changes, such as new RBI KYC/2FA mandates. Once the attacker gets the OTP—often under the pretext of account verification—they can take over accounts, transfer funds, or enable unauthorized cardless withdrawals. The threat is particularly severe for accounts where users rely on OTPs as their main protection layer. How It Works: Fraudsters build a convincing script and call the target, often address[ADDRESS_REDACTED]. They cite ongoing KYC or account verification exercises, claiming your account will be suspended unless you comply. Victims are then guided through a fake 'verification' process, including sharing OTPs received on their mobile. Sometimes, a fake IVR or background office noise is used to sound authentic. The OTP allows the attacker to reset passwords or authorize transactions. India Angle: This scam is rampant in urban and semi-urban India, especially among people with limited digital literacy or who have recently completed eKYC. The scam flourishes around financial year end, during mass KYC update drives, or when banks publicize new regulatory changes. Multilingual scripts target citizens across states, and fraudsters often spoof local bank or RBI helpline numbers. Real Examples: "This is State Bank eKYC. You must confirm the OTP received for service activation." Or "Your UPI will be frozen unless last 6-digit OTP is shared now." Many victims report receiving repeat calls within hours if they hesitate. Red Flags: - Calls referencing urgent KYC, Aadhaar, or 2FA compliance - Demands for OTPs to 'unlock' or 're-activate' services - Calls from landline numbers mimicking official helplines - Requests for sensitive info despite you not initiating bank action Protective Measures: Remember: Your bank will never ask for your OTP over calls. Hang up and call your branch or UPI provider’s official number to verify any KYC update. Report suspicious calls to DND or your telecom provider. If Victimised: Immediately contact your bank to block transfers, change app PINs, and report to 1930 and cybercrime.gov.in. File a written complaint with all details. Related Scams: Phishing via KYC update SMS, Aadhaar number scams, UPI deactivation threats.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does OTP Harvesting via KYC Fraud Calls Target?

General public across India

Red Flags — How to Identify OTP Harvesting via KYC Fraud Calls

Calls citing urgent KYC/Aadhaar/2FA requests
Requests for OTP

What To Do If You Encounter OTP Harvesting via KYC Fraud Calls

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report OTP Harvesting via KYC Fraud Calls in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is OTP Harvesting via KYC Fraud Calls?: Overview: OTP harvesting through KYC fraud calls is a tactic used by scammers to trick Indians into revealing one-time passwords (OTPs) by pretending to be from banks, UPI providers, or government bodies. These calls often carry a sense of urgency and exploit regulatory changes, such as new RBI KYC/2FA mandates. Once the attacker gets the OTP—often under the pretext of account verification—they can take over accounts, transfer funds, or enable unauthorized cardless withdrawals. The threat is par
How does OTP Harvesting via KYC Fraud Calls work?: Overview: OTP harvesting through KYC fraud calls is a tactic used by scammers to trick Indians into revealing one-time passwords (OTPs) by pretending to be from banks, UPI providers, or government bodies. These calls often carry a sense of urgency and exploit regulatory changes, such as new RBI KYC/2FA mandates. Once the attacker gets the OTP—often under the pretext of account verification—they ca
How to protect yourself from OTP Harvesting via KYC Fraud Calls?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report OTP Harvesting via KYC Fraud Calls in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.