OTP Phishing in Marketplace Deals
INDIA — By BharatSecure Threat Intelligence Team
Verdict: Suspicious | Risk Score: 8/10 | Severity: high
How OTP Phishing in Marketplace Deals Works
Overview: OTP phishing scams on OLX and similar marketplaces target everyday Indians who are unfamiliar with digital security. The attacker tricks users into sharing one-time passwords, enabling access to their UPI, bank, or e-wallet accounts. These scams can lead to bank account takeover or unauthorized transfers within minutes.
How It Works:
1. Criminal calls or messages, posing as a buyer, requesting a seller to share an OTP sent to their phone for transaction verification.
2. The scammer claims the OTP is required to process or confirm payment receipt.
3. If shared, the OTP enables unauthorized withdrawal or changing of security settings on your financial accounts.
4. Sometimes, the attacker uses this to register your account to a new device, locking you out.
India Angle: High in cities with rapid digital adoption like Bengaluru, Pune, and Hyderabad. Scams may use Hindi, English, or regional tongues. Older adults and those listing items on classified platforms are prime targets.
Real Examples:
- “Sir, you will get an OTP now. Please share it so I can finish transferring the money. Trust me, it’s safe!”
- “Ma’am, payment processing. For security, please verify with the OTP sent to your mobile.”
Red Flags:
- Buyer asks for an OTP for any reason
- Claims that OTP is required to "receive money"
- Pressure to act or reply immediately
- Threats of cancelling the deal if not shared
Protective Measures:
- Never share OTPs related to bank, UPI, or e-wallets with anyone
- Banks or genuine buyers will NEVER need your OTP
- Only confirm payments via your secure apps
If Victimised:
- Call your bank helpline, disable your UPI, and change passwords immediately
- Notify the National Cybercrime Helpline (1930) and submit a report on cybercrime.gov.in
Related Scams:
- OLX KYC update/verification scam
- Account takeover classic phishing
- Loan or SIM swap fraud
How This Scam Works — Detailed Explanation
Scammers are increasingly using popular online marketplaces like OLX to find and approach potential victims. They often create fake buyer profiles or hijack legitimate ones to appear credible, targeting unsuspecting sellers who are eager to finalize transactions. Using platforms such as WhatsApp or direct phone calls, these scammers initiate contact with sellers by showing interest in their listed items. This familiarity with common marketplace interactions makes it easier for scammers to gain the seller's trust and set the stage for further manipulation.
Once contact is established, these scammers employ specific tactics to create a sense of urgency and confusion. They might claim that sharing an OTP (One-Time Password) is necessary to 'confirm' the transaction, often couching it in technical jargon that makes it seem legitimate. Their messages or calls will typically include phrases like "I need the OTP to make the payment go through" or "It’s a security measure from the bank." This psychological tactic targets the seller’s fear of losing the sale, compelling them to share the OTP quickly without pausing to think.
Once the victim shares the OTP, the scammer acts swiftly. They use the received OTP to access the victim's UPI (Unified Payments Interface) or banking apps, enabling instant transfers from the victim’s account. An illustrative example from 2023 involved a victim from Uttar Pradesh who lost ₹3 lakh in minutes after sharing their OTP with a scammer posing as a buyer on OLX. Victims report feeling devastated as they realize the money has been siphoned off without a trace, leaving them with feelings of betrayal and frustration.
The impact of these scams has been staggering. In 2022 alone, it was reported that Indian consumers lost over ₹1,500 crore due to online fraud, with OTP phishing being a significant contributor to these statistics. Organizations like CERT-In and advisories from the RBI have specifically highlighted the rise of such scams, urging citizens to be vigilant. Additionally, the Ministry of Home Affairs categorized OTP phishing as a critical cybersecurity concern, underscoring its rise in the digital age.
To effectively differentiate between legitimate requests and potential scams, sellers can keep an eye out for certain red flags. If a buyer asks for an OTP to confirm a payment or threatens immediate deal cancellation if the OTP isn’t provided, these are strong indicators of a scam. Moreover, genuine platforms like UPI or banks will never request OTPs in this manner, especially not through a third-party conversation. Sellers should always consult official sources or customer service before taking any action based on a request for sensitive information.
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does OTP Phishing in Marketplace Deals Target?
General public across India
Red Flags — How to Identify OTP Phishing in Marketplace Deals
- Buyer requests OTP to 'confirm' transaction
- Insists you share OTP urgently
- Says OTP needed to receive money
- Immediate deal cancellation threats if no response
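The red flags above can be checked mechanically in a chat or SMS filter. The sketch below is an added example, not BharatSecure's detection logic; the word lists and the function name `red_flags` are assumptions. It handles the case where the ask ("share it") sits in a different sentence from the word "OTP", and it does not flag a bank's own "do not share" warning.

```python
import re

# Patterns derived from the red flags listed above; the exact word lists are assumptions.
OTP = re.compile(r"\b(otp|one[- ]time pass(word|code))\b", re.I)
ASK = re.compile(r"\b(share|send|tell|give|forward|verify|confirm)\b", re.I)
NEGATED = re.compile(r"\b(never|do not|don't|dont)\b", re.I)
SECONDARY = {
    "payment_claim": re.compile(r"\b(receiv|credit|transfer|payment|money)", re.I),
    "urgency": re.compile(r"\b(now|immediately|urgent|quick|right away|hurry)", re.I),
    "cancel_threat": re.compile(r"\b(cancel|other buyer|deal is off)", re.I),
}

def red_flags(message):
    """Return the red flags found in one message, or [] if no OTP is requested."""
    text = message.replace("\u2019", "'")  # normalise curly apostrophes
    if not OTP.search(text):
        return []
    sentences = re.split(r"(?<=[.!?])\s+", text.strip())
    # The request verb may be in another sentence than "OTP" ("Please share it"),
    # so accept it anywhere, but ignore negated sentences such as a bank's
    # "Do not share it with anyone".
    asked = any(ASK.search(s) and not NEGATED.search(s) for s in sentences)
    if not asked:
        return []
    return ["otp_request"] + [n for n, rx in SECONDARY.items() if rx.search(text)]

# First two messages are the examples quoted on this page; the last two are constructed.
SAMPLES = [
    "Sir, you will get an OTP now. Please share it so I can finish "
    "transferring the money. Trust me, it\u2019s safe!",
    "Ma\u2019am, payment processing. For security, please verify with the OTP "
    "sent to your mobile.",
    "Send me the OTP quickly or I will cancel the deal.",
    "123456 is your OTP for UPI registration. Do not share it with anyone.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(red_flags(msg) or "no OTP request", "<-", msg[:50])
```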
What To Do If You Encounter OTP Phishing in Marketplace Deals
- Report any suspicious communication to the cybercrime helpline at 1930 or visit cybercrime.gov.in.
- Contact your bank immediately to freeze your account and prevent further unauthorized transactions.
- Change passwords for all banking and UPI apps on your device right away.
- Enable two-factor authentication on your digital payment apps for added security.
- Inform friends and family about your experience to raise awareness and prevent them from falling victim.
- Document everything related to the scam (messages, call records) for any potential investigation.
How to Report OTP Phishing in Marketplace Deals in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my OTP in a UPI scam?
- Immediately contact your bank to report unauthorized access and call the cybercrime helpline at 1930.
- How can I identify OTP phishing in marketplace deals?
- Look for buyers requesting an OTP to confirm payment or those insisting on urgent responses—these are red flags.
- How to report this type of scam in India?
- You can report scams by calling 1930, visiting cybercrime.gov.in, and reaching out to your bank's fraud reporting number.
- How can I recover my money or protect my accounts after this scam?
- Contact your bank to report the fraud and follow their guidance for potential recovery options. Consider updating your security measures.