Someone called asking for an OTP — what to do next

The single most dangerous thing you can say on a phone call is the 6-digit code that appears on your screen. If a caller has asked for one — whether they claimed to be from your bank, a courier, the IT department, or a delivery executive — here's exactly what to do.

If you did NOT share it

You're safe. Do these three things now:

1. Hang up and block the number.
2. Report it on PhoneLookup as “OTP requested” so the next person sees the warning.
3. Forward the SMS to 1909 (TRAI spam reporting) to help shut the sender down.

If you DID share it — the next 60 seconds matter

1. Open your banking app and check the last few transactions. Block your debit/credit card immediately from inside the app.
2. Call 1930 — the national cybercrime helpline. They can freeze outgoing transactions if the report lands within the first hour (the so-called “golden hour”).
3. File a complaint on cybercrime.gov.in with the caller's number, time, and any transaction reference IDs.

In the next 24 hours

• Visit your bank branch and ask for a written acknowledgement of the cyber complaint.
• Change every password that shares an OTP with that account.
• Enable transaction alerts on email and SMS if they aren't already on.
• Register on TRAI DND (see our DND guide).

How to make sure it never happens again

Print this on a sticky note next to your bed: I will never share any code that arrives on my phone, for any reason, with anyone, ever.

There is no legitimate situation where a real bank, courier, or government employee needs a code from your phone. The only person who should ever type that code is you, into the app or website you opened yourself.