What to do if I shared my OTP in a UPI scam?

Immediately contact your bank's customer service and report the incident. Use SBI's helpline at 1800-11-1109 or HDFC's at 1800-202-6161 to freeze your account.

How can I identify this specific scam?

Look out for unsolicited calls asking you to install remote access apps or requesting OTPs. Authentic bank calls will never ask for sensitive information over the phone.

How do I report this type of scam in India?

You can report scams through the national cybercrime reporting portal at cybercrime.gov.in or call the cybercrime helpline at 1930.

What steps can I take to recover my money after this scam?

Contact your bank’s helpline immediately and file a complaint. Keep a record of all correspondence and details to assist in the investigation.

Screen-Sharing Remote Access OTP Theft

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Verdict: Suspicious | Risk Score: 9/10 | Severity: critical

Category: UPI, KYC, Phishing

How Screen-Sharing Remote Access OTP Theft Works

Overview: Increasingly, Indian bank customers receive calls from fraudsters posing as helpdesk executives, urging them to download apps like AnyDesk or TeamViewer. The criminal then gains visual access to the victim’s mobile screen, watching in real time as the victim enters sensitive info (like OTP or UPI PIN). This dangerous scam can drain your account within minutes and often targets older adults and people unfamiliar with technology. How It Works: 1. The criminal calls under the pretext of technical support or problem-solving. 2. Victim is instructed to download a remote screen-sharing app. 3. Once connected, scammer asks the victim to log into banking app or approve UPI or OTP prompts. 4. The scammer watches or even operates the phone remotely, entering details, stealing OTPs, and authorizing fund transfers. India Angle: Most cases involve Hindi or regional language calls impersonating support from SBI, ICICI, PhonePe, or Paytm. Target states include Maharashtra, Karnataka, and West Bengal. Rural populations and elderly users with less digital awareness are particularly susceptible. Real Examples: - "Install this app—AnyDesk/QuickSupport—to complete your KYC." - "Bank server issue; open your UPI app with me on the call so I can help." - "To verify your account, let me guide you step by step on your screen." Red Flags: - Being asked to install screen-sharing apps by anyone over a call. - Caller insists on remaining connected while you enter sensitive data. - Requests for OTP, UPI PIN, or login info during the remote session. - Caller won’t let you disconnect or says the process must be completed now. Protective Measures: - Never install screen-sharing or remote access apps unless you understand and trust the request fully. - Banks and payment apps never ask for remote viewing or operate your phone. - Hang up and block such callers immediately. - Alert community groups—spread word among elders and the less tech-savvy. If Victimised: - Disconnect the remote session at once and uninstall the app. - Inform your bank & block the account/UPI access. - Call 1930 and file a cybercrime report. Related Scams: - UPI account takeover via phishing - App-based tech support scams

How This Scam Works — Detailed Explanation

Scammers often initiate their attack by cold-calling victims, most frequently targeting older adults who may not be well-versed in technology. They may find potential victims by sourcing phone numbers from public records, social media, or data breaches. Once a scammer identifies a suitable target, they call the victim pretending to be a representative from a bank helpdesk or a reputable tech support team. In India, banks like SBI or HDFC are often impersonated due to their widespread use. The scammer typically uses a friendly tone and claims there's a problem with the victim's UPI transactions or Aadhaar-linked bank accounts. This is designed to elicit concern from the victim, leading them to trust the caller's false identity.

The scammers employ various psychological tricks to manipulate their victims into compliance. They often create a sense of urgency, asserting that immediate action is required to resolve a supposed security issue. These tactics can include telling the victim that their account has already been compromised and that they are in danger of losing their funds. They reassure victims by comforting them with phrases like, "Don’t worry, I’m here to help you and will guide you step by step.” The use of technical jargon or fake verification prompts can also intimidate victims into feeling that they need to follow the instructions given. Additionally, these scams often leverage the trust people have in technology; thus, when asked to download legitimate remote access applications like AnyDesk or TeamViewer, victims often comply without hesitation.

After downloading the remote access app, the victim becomes unwittingly aware that they are sharing access to their screen. During the call, the fraudster directs the victim to log into their UPI or banking app and urges them to input sensitive information such as OTPs or UPI PINs. Examples abound: In 2022 alone, victims in India reported losing nearly ₹38 crore due to various iterations of this scam involving screen-sharing. One victim from Uttar Pradesh was led to believe that there was an issue with his Aadhaar linking, leading him to share his OTP; within minutes, he lost ₹1 lakh. Such instances illustrate how quickly funds can be drained once control over a device has been established.

The impact of this scam has been notable across India, with millions falling prey to similar fraudulent schemes. The Ministry of Home Affairs (MHA) has documented a sharp rise in cyber-related crimes, urging victims to be vigilant and report incidents promptly. Additionally, CERT-In has released advisories on common scams and urged the public to adopt preventive measures. On the RBI's part, banks are required to educate customers about securing transactions and recognizing fraudulent activities. Sadly, numerous individuals remain unaware of the risk, causing the total money lost to reach staggering amounts. Reports indicate that in just the last year, UPI-related scams resulted in losses amounting to ₹500 crore, demonstrating the growing threat in our digital ecosystem.

Identifying this scam from legitimate communications can be straightforward in certain aspects. Valid helpdesk representatives from banks will never ask you to download third-party apps like AnyDesk or TeamViewer. When in doubt, it is essential to end the call to verify through official bank helplines such as SBI at 1800-11-1109 or HDFC at 1800-202-6161. Furthermore, be wary if they insist on remaining on the call while you input sensitive information. Genuine bank representatives will usually not request OTPs or sensitive PINs directly, but will advise you to keep such information private. Always cross-check before following any instructions that seem out of the ordinary to ensure you are not falling victim to this pervasive scam.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Screen-Sharing Remote Access OTP Theft Target?

General public across India

Red Flags — How to Identify Screen-Sharing Remote Access OTP Theft

Caller asks to install AnyDesk/TeamViewer/QuickSupport
Asked to login to bank or UPI app under remote guidance
Person wants to remain on call as you enter sensitive info
Requesting OTP or PIN during the session

What To Do If You Encounter Screen-Sharing Remote Access OTP Theft

Immediately report the incident at cybercrime.gov.in to alert authorities about the scam.
Call your bank's fraud helpline to freeze your account if you entered sensitive information.
Change your UPI PIN and passwords for any affected accounts right away to prevent further theft.
Educate your family members, especially older relatives, about this scam to prevent future incidents.
Stay updated on common cyber scams by visiting the CERT-In advisories regularly.
If you've lost money, file a complaint on the National Cyber Crime Reporting Portal at 1930.

How to Report Screen-Sharing Remote Access OTP Theft in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank's customer service and report the incident. Use SBI's helpline at 1800-11-1109 or HDFC's at 1800-202-6161 to freeze your account.
How can I identify this specific scam?: Look out for unsolicited calls asking you to install remote access apps or requesting OTPs. Authentic bank calls will never ask for sensitive information over the phone.
How do I report this type of scam in India?: You can report scams through the national cybercrime reporting portal at cybercrime.gov.in or call the cybercrime helpline at 1930.
What steps can I take to recover my money after this scam?: Contact your bank’s helpline immediately and file a complaint. Keep a record of all correspondence and details to assist in the investigation.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.