
As online scams make it to the news headlines every day, the fear of falling prey to this exploitation is very real. Digital transactions have become routine and gained prominence as also seen with a new form of anxiety that is quietly rising its head among shoppers. The basis of this fear and anxiety is the misuse One-Time Password (OTP). Designed to be a security measure that protects users, the OTP is yet increasingly being exploited by fraudsters as a prime access point to sensitive banking information. This especially concerning since Indian’s lost Rs 177 Cr in 2024 to online scams, including ones using the OTP.
Remarkably sophisticated and relying heavily on social engineering tactics these scamsters manipulate human psychology. They impersonate bank representatives, online service providers, and even government agencies, like the police to create a false sense of urgency. The fake calls they place usually insist on immediate action thus pressurising recipients to disclose OTPs or other sensitive information without much time for a rethink. This is a well-planned act carefully enacted to override common sense and prompt hasty responses from even the most cautious and well-read individuals.
Beyond impersonation, these modern attackers have been employing Smishing (SMS phishing) and Vishing (voice phishing) techniques to their advantage. In smishing, users usually receive fraudulent text messages containing malicious links or requests for OTPs. Vishing is more direct with phone calls, often using realistic caller IDs and scripts to mimic official communication channels. Usually they are highly convincing, and difficult for unsuspecting individuals to distinguish between a legitimate request and a scam.
A host of factors are engaged to ensure shoppers fall for such attacks. A lack of awareness about the technique’s employed remains a primary risk factor working to the scammers advantage. Individuals are generally unfamiliar with the tactics of phishing, smishing, and vishing, leaving them open to easy deception. Contributing to making things complicated is the inadequate cyber hygiene that prevails in the country. Weak passwords, reusing credentials across multiple platforms, and neglecting software updates are the order of the day. But in realty these are opportunities that benefit fraudsters. Poor security practices like sharing OTPs over unsecured channels or failing to verify caller identities only further exacerbate the risk of OTP scams.
Financial consequences apart, these scams have unleashed a constant threat of deception and introduced a new layer of psychological stress among shoppers. There are instances of people experiencing hesitation before completing online transactions, second-guessing every digital interaction, and avoiding certain services altogether. This anxiety undermines the convenience and efficiency that digital payments are really meant to provide. It creates a paradox where security measures like OTPs themselves contribute to stress.