A man recently shared his experience on Reddit, detailing how he was nearly tricked into paying Rs 44,000 on September 7. According to his post, he received a call from someone posing as an HDFC Credit Card Department representative, offering him a lifetime free card. Interested, he agreed, and the caller requested an OTP to log in to mycard.hdfc.com. Without verifying, he shared the OTP.
The caller then confirmed his address and the last four digits of his card, gaining his trust. She asked him to provide the card’s details, including the CVV and card number, which he did. She ended the call after saying a senior executive would follow up.
A couple of hours later, the man received another call, once again requesting an OTP. This time, the message referenced PhonePe, alerting him to a potential scam for a transaction of Rs 44,000.
The message stated: "OTP is 682241 for txn of Rs 44,020.00 at PHONEPE PRI on HDFC Bank card ending 5401. Valid till 01:29. Do not share OTP for security reasons."
The first OTP was used to gain credibility, while the second was an attempt to authorise a fraudulent transaction.
A survey by LocalCircles has found that 47 per cent of Indians have encountered financial fraud in the past three years. The study, which included 23,000 respondents from 302 districts, highlighted that UPI and credit card fraud are the most common types of financial fraud.
How do you identify a fraudulent call?
More From This Section
“Honestly, it’s hard to tell from just a phone call,” Shobhit Goyal, Founder and CEO of BeFisc, tells Business Standard. “The credit card application process usually takes place on the bank’s official website or app, so customers should always verify if the process described by the caller aligns with that.”
He recommends customers check the legitimacy of any website using tools like Google’s Safe Browsing Transparency Report.
Paritosh Desai, Chief Product Officer at IDfy, added, “Scammers often create a sense of urgency and use pressure tactics. They might ask you to call back on a specific number. They also make offers that sound too good to be true, like rewards or money in exchange for a transaction.”
Desai emphasised that bank officials never request OTPs, so any such request should immediately raise suspicion.
Amit Relan, Co-Founder and CEO of mFilterIt, advised looking for telltale signs like poor grammar or unfamiliar accents. He warned, “If the caller asks you to transfer money, make immediate payments, or send funds to a ‘safe account’, it’s likely a scam.”
Why do even tech-savvy individuals fall for such scams?
Rishi Agrawal, CEO and Co-Founder of Teamlease Regtech, explained the tactics used by scammers: “They prey on emotions like fear, panic, and greed. Even people who are aware of online security can fall victim because scammers exploit these vulnerabilities, making people believe their money is at risk or that they’ll receive fake rewards.”
He added that scammers often impersonate figures of authority, like bank managers or government officials, to gain trust. “They even mimic the robotic voices used by banks, making the call seem more legitimate,” Agrawal says.
"The frequency of telemarketing calls and OTPs can make it difficult to spot fraudulent ones. “Even tech-savvy individuals can fall for these scams because we’re so used to the process that we sometimes miss the red flags,” Desai added.
How can platforms like PhonePe prevent such scams?
Goyal suggested several ways to reduce fraud:
— detecting unusual transaction patterns
— using device fingerprinting for high-value transactions, such as requiring face ID for approval
— enhancing OTP systems by requiring additional inputs, like the last transaction amount or an answer to a security question
Agrawal pointed out that digital platforms are already working to combat fraud. “Many platforms use two-factor authentication (2FA), real-time fraud detection powered by AI, and strict KYC procedures.”
Platforms also send out regular warnings about scams and notify users of transactions via SMS or email, helping them quickly spot unauthorised charges.
What steps should banks take?
Goyal believes banks should list their authorised credit card partners on their websites and impose strict penalties on partners who violate their terms. This would help limit the number of credit card-related scams.
What should you do when receiving unsolicited credit card calls?
He recommends:
— never sharing sensitive information like OTPs
— resisting pressure from the caller
— reporting fraudulent calls and transactions immediately
— using official banking channels for transactions
— being cautious of offers that seem too good to be true
"Credit card users to be suspicious of unsolicited calls. “Banks and credit card companies generally don’t initiate these kinds of calls. If you’re unsure, hang up and contact the official customer service number for your bank,” Desai says.
What if you’ve already shared sensitive information?
“If you’ve been tricked, contact your bank immediately to block unauthorised transactions. Change your passwords and security settings and keep a close eye on your account for suspicious activity,” Relan recommends.
Agrawal added, “You should also report the incident to the local police station and the National Cyber Crime Reporting Portal.”
Here’s what to do if you’ve shared sensitive information:
1. Contact your bank immediately.
2. Block or freeze your card.
3. Change your password and card PIN.
4. Report the scam to the payment platform.
5. Check your account statement for any unauthorised transactions.