OTP FRAUD ALERT: A Cybercrime Every Policeman Must Guard Against

As a law enforcement officer, you're trained to detect danger in the real world—but what about the digital one? While you’re out patrolling the streets, fraudsters are busy operating in cyberspace, pulling off scams with just a phone call and a six-digit code. One of the most rampant—and costly—scams today is OTP fraud.

From the common man to top-ranking officials, no one is immune. The fraudsters are evolving, and it’s time we do too.

What is an OTP and Why is it Targeted?

An OTP (One-Time Password) is a randomly generated code sent via SMS or email to verify transactions and logins. It adds a second layer of security—known as two-factor authentication (2FA). However, fraudsters have found sophisticated ways to get their hands on these codes, leading to financial loss, identity theft, and in some cases, compromised national security information.

Shocking Stats Every Policeman Should Know

• According to NCRB, India recorded over 50,000 cases of online financial fraud in 2023 alone.
• OTP fraud makes up over 35% of all reported digital banking frauds.
• On average, victims lose ₹15,000–₹2,00,000 per scam depending on the attack vector.
• Many cybercriminals use VoIP numbers or spoofed helpline numbers to impersonate bank officials.
   

Modus Operandi: How OTP Fraudsters Trap Victims

Fraudsters come with well-scripted dialogues and believable identities. Here’s how they do it:

1. Phishing Calls & Messages

Pretending to be from your bank, telecom provider, or even government services like UIDAI or the Income Tax Department.

They say:

• “We’re updating your KYC; please share your OTP.”
• “You’ve won a cashback offer, but need to verify via OTP.”
• “There’s an issue with your salary credit; verify now.”
   

2. Fake Apps & Malware Links

You receive a message asking you to download an app or click a link. Once clicked:

• Your device may get infected with malware that reads OTPs silently.
• Or, you may be taken to a fake website collecting credentials.
   

3. Screen Sharing Apps

Fraudsters may ask victims to install screen-sharing tools like AnyDesk, QuickSupport, or TeamViewer, claiming it's for “technical support.” Once installed, they can see everything—especially your OTPs and passwords.

4. Social Engineering Tactics

They play on your trust, fear, or curiosity. From urgent requests to emotional appeals, their goal is always the same: get that OTP.

Red Flags Policemen Must Watch For

• Callers asking for OTP, CVV, ATM PIN, or UPI PIN
• Emails or texts with urgent deadlines and unknown links
• Unusual activity on bank accounts or sudden SMS about OTPs you didn’t request
• App download suggestions from non-official sources
• Caller IDs pretending to be from government helplines

Prevention Protocols Every Policeman Must Follow

1. Never Share OTPs—Not Even with "Officials"

No bank, government body, or IT technician will ever ask for your OTP or ATM PIN. If someone does, it’s a red flag.

2. Double-Check the Source

Before clicking a link or downloading an app, verify it from the official website or app store. Better still, cross-check with the department’s cybersecurity team.

3. Say NO to Screen Sharing Apps

Never install apps like AnyDesk or TeamViewer if asked by someone unknown. These are used for remote access and can lead to data theft.

4. Set Strong Mobile Security

• Use biometric locks for your apps.
• Keep your device’s anti-virus software up to date.
• Block and report suspicious calls and SMSs.
   

5. Keep an Eye on SMS Alerts

The bank sends you OTPs even for transactions you didn’t initiate. Treat this as a sign your credentials might be compromised.

Cyber Hygiene for the Force: Department-Level Recommendations

• Organize monthly cyber safety drills for officers and staff.
   
• Issue departmental advisories on trending scams and digital red flags.
   
• Install endpoint protection on departmental devices.
   
• Set up a dedicated cyber response unit within police forces to handle internal and public complaints effectively.
   

What To Do If You Fall Victim

1. Report Immediately to 1930 – India’s cyber fraud toll-free number. Timing is crucial.
    
2. Log complaint on cybercrime.gov.in.
    
3. Contact your bank and freeze transactions.
    
4. Submit written FIR if the fraud amount is significant.
    
5. Preserve all evidence—screenshots, SMS, emails, and call logs.
    

Legal Backing: Know the Acts That Protect You

OTP fraud falls under several Indian laws, including:

• Section 66C & 66D of IT Act: Identity and cheating by personation.
• Section 420 IPC: Cheating and dishonestly inducing delivery of property.
• Section 43A of IT Act: Compensation for failure to protect data.
   

Law enforcement personnel must know these sections not just to protect themselves, but also to help others file complaints correctly.

Final Thoughts: Digital Vigilance Is the New Beat

As India advances in digital transactions, the threats grow. Being in uniform doesn’t make you immune—it makes you a prime target. Why? Because scammers assume that officers may not suspect digital deceit.

It’s time to break that assumption.
Stay aware, stay updated, and spread awareness.

You wear the uniform to protect others. Don’t forget to protect yourself—in the digital world too.

Cyber Hygiene Foundation