As online scams make it to the news headlines every day, the fear of falling prey to this exploitation is very real. Digital transactions have become routine and gained prominence as also seen with a new form of anxiety that is quietly rising its head among shoppers. The basis of this fear and anxiety is the misuse One-Time Password (OTP). Designed to be a security measure that protects users, the OTP is yet increasingly being exploited by fraudsters as a prime access point to sensitive banking information. This especially concerning since Indian’s lost Rs 177 Cr in 2024 to online scams, including ones using the OTP.

Remarkably sophisticated and relying heavily on social engineering tactics these scamsters manipulate human psychology. They impersonate bank representatives, online service providers, and even government agencies, like the police to create a false sense of urgency. The fake calls they place usually insist on immediate action thus pressurising recipients to disclose OTPs or other sensitive information without much time for a rethink. This is a well-planned act carefully enacted to override common sense and prompt hasty responses from even the most cautious and well-read individuals.

Beyond impersonation, these modern attackers have been employing Smishing (SMS phishing) and Vishing (voice phishing) techniques to their advantage. In smishing, users usually receive fraudulent text messages containing malicious links or requests for OTPs. Vishing is more direct with phone calls, often using realistic caller IDs and scripts to mimic official communication channels. Usually they are highly convincing, and difficult for unsuspecting individuals to distinguish between a legitimate request and a scam.

A host of factors are engaged to ensure shoppers fall for such attacks. A lack of awareness about the technique’s employed remains a primary risk factor working to the scammers advantage.  Individuals are generally unfamiliar with the tactics of phishing, smishing, and vishing, leaving them open to easy deception. Contributing to making things complicated is the inadequate cyber hygiene that prevails in the country. Weak passwords, reusing credentials across multiple platforms, and neglecting software updates are the order of the day. But in realty these are opportunities that benefit fraudsters. Poor security practices like sharing OTPs over unsecured channels or failing to verify caller identities only further exacerbate the risk of OTP scams.

Financial consequences apart, these scams have unleashed a constant threat of deception and introduced a new layer of psychological stress among shoppers. There are instances of people experiencing hesitation before completing online transactions, second-guessing every digital interaction, and avoiding certain services altogether. This anxiety undermines the convenience and efficiency that digital payments are really meant to provide. It creates a paradox where security measures like OTPs themselves contribute to stress.

Addressing this anxiety requires both awareness and action. Users can protect themselves by following these steps:

Never share OTPs with anyone, under any circumstances.

Verify identities independently, for instance by calling the official customer service number rather than responding to unsolicited calls.

Use secure networks and update devices to minimise vulnerabilities.

Educate themselves about common phishing and scam tactics, including the latest social engineering techniques.

Experts have long emphasised on users being the strongest defence against fraud when they stay informed. By practising good digital habits and remaining vigilant, shoppers can reclaim confidence in online transactions while significantly reducing their stress. Awareness campaigns, regular updates on cyber threats, and user-friendly security measures also have a critical role in ensuring that our defences remain fortified.

Finally, while OTP scams represent a real and growing threat, and the resilience of well-informed users is equally formidable. By staying alert, exercising caution, and following robust cybersecurity practices, shoppers can master the digital marketplace with confidence, keeping anxiety at bay while benefitting from the convenience that online transactions have to offer.