21, Mar, 2024

What to Do If You Get Bombarded with OTPs


Sarah, a busy marketing professional, was finalizing a client presentation when her phone buzzed. Glancing down, she saw it was a one-time password (OTP) from a shopping website she didn’t recognize. Confused, she dismissed it, attributing it to a colleague accidentally sharing a login attempt. But the buzzes kept coming – different websites, different numbers, all within minutes. Panic started to set in.

A Barrage of Unwanted OTPs:

Over the next hour, Sarah received dozens of OTPs.  Travel agencies, clothing stores, even a food delivery app she never used – the onslaught was relentless.  She tried contacting the websites listed in the messages, but navigating automated menus and long wait times proved futile. Fear gnawed at her.  Was someone trying to hack into her accounts?

Taking Action:

Taking a deep breath, Sarah followed the guidance she was given and decided to do the following:

  1. Changed Passwords: Starting with her email (the key to many accounts), Sarah changed her password to a strong, unique combination. Then, she proceeded to change passwords for all her other accounts, prioritizing financial institutions and social media.
  2. Enabled Two-Factor Authentication (2FA): Where available, Sarah enabled 2FA, adding an extra layer of security with an authenticator app or fingerprint verification.
  3. Reported the Incident: Sarah reported the suspicious activity to the relevant websites and considered filing a report on the National Cyber Crime Reporting Portal if unauthorized access was suspected.
  4. Monitored Accounts: For the next few days, Sarah remained vigilant, monitoring her accounts for unusual activity.

What Caused the OTP Storm?

There are several possibilities for Sarah’s experience:

  • Credential Stuffing: Hackers might have obtained Sarah’s login credentials (username and password) from a data breach on another website. These credentials are then used in an automated attack that attempts to log in to various accounts. On sites that send an OTP as part of login, each such attempt can trigger a message to her phone.
  • SIM Swap Fraud: In a more sophisticated attack, a hacker could potentially gain control of Sarah’s phone number through a SIM swap scam, allowing them to receive the OTPs intended for her.

The Message: Vigilance is Key

Sarah’s case highlights the importance of online security. Here are some key takeaways:

  • Strong Passwords: Use unique, complex passwords for all your accounts. Consider a password manager to help you create and manage them securely.
  • Two-Factor Authentication: Enable 2FA wherever possible. It adds an extra layer of security beyond just your password.
  • Be Wary of Unsolicited OTPs: Never share OTPs with anyone, even if they claim to be from a legitimate source.
  • Monitor Accounts Regularly: Keep an eye on your bank statements and credit card reports for any unauthorized transactions.

By following these tips and staying vigilant, you can significantly reduce the risk of falling victim to similar attacks. Remember, when it comes to online security, it’s always better to be safe than sorry.

Additional Tips:

  • Beware of Phishing Emails: Phishing emails often try to trick you into revealing your login credentials or clicking on malicious links. Be cautious of emails urging you to take immediate action or those with suspicious sender addresses.
  • Use a VPN on Public Wi-Fi: Public Wi-Fi networks are often unsecured. Consider using a Virtual Private Network (VPN) to encrypt your internet traffic when using public Wi-Fi.

By taking control of your online security, you can prevent your phone from becoming a platform for unwanted OTPs and protect yourself from potential fraud.


Source: Cases reported on our portal. All identification information has been changed to safeguard the privacy of the victims.
