In a disturbing trend, thousands of mobile phone users across India are reporting an overwhelming surge in One-Time Passwords (OTPs) arriving on their phones within seconds, despite having made no requests for these codes. The barrage of OTPs has been traced to legitimate businesses, including well-known names like Bajaj Finserv, Tata 1MG, BYJU’S, and Daily Fresh, alarming users who initially assumed the messages were legitimate. However, experts warn this pattern signals a new kind of phone-based scam potentially targeting users’ data or seeking unauthorized access to accounts.
High-Volume OTP Floods from Trusted Sources
These OTPs, usually sent to authenticate identity or secure transactions, have been coming in rapid succession to unsuspecting users. Many users have reported receiving dozens of OTPs within seconds, creating confusion and concern. Such codes typically originate from a trusted source to confirm or complete a transaction, but in these cases, recipients were not attempting any action that would have triggered these messages.
The Truecaller app, widely used to track and identify spam, reveals that many of the phone numbers delivering these messages are linked to reputed telecom companies such as Vodafone-India, Tata Indicom, and Airtel. Some of these numbers are reported to have made an astonishing two million calls in just two months, indicating the magnitude of this suspicious activity.
Corporate Names Misused in Scam
The use of major brand names in these unsolicited OTPs has deepened concern among consumers and security experts. Businesses like Bajaj Finserv, Tata 1MG, BYJU’S, and Daily Fresh have built substantial credibility in their respective sectors, so the appearance of their names in these OTP messages initially provided a sense of legitimacy, tricking users into believing these were genuine communications. Cybersecurity experts, however, are advising users to exercise caution, as these OTPs may be part of a larger scheme to gain unauthorized access to user accounts or collect data for malicious purposes.
Possible Origins and Mechanism of the Scam
Subscribers suggest that this flood of OTPs may be the result of automated systems abusing the OTP mechanisms of these companies, essentially generating fake requests en masse and sending them out at a rapid pace. While the exact motive remains unclear, some speculate that this could be a way to overwhelm mobile users with unnecessary messages, leaving them frustrated and potentially leading to security oversights. Others theorize that the OTP deluge may be part of a social engineering tactic, hoping to bait users into clicking links or calling back to numbers associated with the scam.
Truecaller has flagged a number of the originating numbers, which reportedly have made millions of OTP-related calls in recent months. While it remains unclear whether these numbers are entirely genuine or manipulated to appear as though they’re from major service providers, the high volume of calls signals a well-orchestrated scheme that capitalizes on trust in established brands.
Warning to Mobile Users
People are now cautioning mobile users to remain vigilant. If an unexpected OTP appears without a user-initiated request, and advise ignoring the message and refraining from clicking any links within the message or responding to it in any way. Responding to these unsolicited OTPs, even out of curiosity, may give scammers valuable information, allowing them to expand their reach or even lead to compromised accounts.
Mobile users are also urged to keep their phone security settings tight by enabling two-factor authentication on all sensitive apps and accounts, and by limiting the sharing of phone numbers to avoid unwelcome spam. Additionally, users are encouraged to report suspicious numbers to their mobile service provider or directly through apps like Truecaller, which can help identify and flag such numbers for other users.
Growing Need for Corporate and Telecom Vigilance
Given the legitimate businesses being impersonated, there is a call for companies such as Bajaj Finserv, Tata 1MG, and BYJU’S to work closely with telecom providers to safeguard their OTP systems against exploitation. Similarly, telecom companies like Vodafone-India, Tata Indicom, and Airtel are encouraged to take further preventive measures to identify and block the origin of these mass OTPs, ensuring that users are not subjected to undue harassment. Both parties have a vested interest in upholding customer trust and preventing the misuse of trusted brand names in scams.
India’s Cybersecurity Response
With India’s increasing reliance on digital payments and online transactions, cybersecurity concerns are paramount. As such, the government may be urged to introduce further safeguards and ensure stricter oversight of OTP issuance and authentication protocols to prevent similar incidents in the future. This recent wave of unsolicited OTPs underscores the need for robust measures to protect consumers from deceptive and potentially harmful digital activity.
For now, the best advice for users is to stay alert, ignore unexpected OTPs, and regularly review account activity for any unauthorized attempts. The flood of OTPs serves as a reminder to mobile users in India to exercise caution, particularly when dealing with sensitive data or authentication codes, and to protect themselves against this latest wave of digital threats.
