is that a scam?
United States India
EN
English हिन्दी मराठी ಕನ್ನಡ
← Back to all scams
HIGH banking

A "bank" calls about credit card reward points and asks for an OTP

A caller claims to be from your credit card bank (HDFC, ICICI, SBI, Axis) offering to convert expiring reward points into cashback, gift vouchers, or a higher credit limit. To "process" it, they ask for the OTP that just arrived on your phone — that OTP authorizes a fraudulent transaction.

Also known as: credit card reward redemption scam, HDFC / ICICI / SBI rewards call, card-not-present OTP fraud

What to do right now

  1. 1 Never share OTP, CVV, full card number, or PIN with anyone calling you, even if they sound official
  2. 2 Cut the call. Look up the bank's customer care number on the back of your card and call them directly if you want to check
  3. 3 Real reward redemption happens inside the bank's app or website — never over a cold call
  4. 4 If you shared an OTP, block the card immediately through your bank's app or by calling the back-of-card number
  5. 5 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
  6. 6 Report at https://cybercrime.gov.in or call 1930 (national cyber helpline).

Was remote-access software installed?

If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.

Run SeraphSecure to detect and remove it →

Red flags

  • Bank never asks for OTP, CVV, full card number, or PIN over a phone call. Ever
  • Caller knows your name and last 4 digits of card — easily bought from data leaks
  • Pressure: 'points expire today,' 'limited-time conversion'
  • OTP message text often says it's for a transaction or login — not for reward 'verification'
  • Call comes from a mobile number (+91 with random digits), not the bank's official contact center

The OTP-over-phone scam is one of the highest-volume card frauds in India. The trick works because banks have spent years training people to expect OTPs as legitimate verification — so people give them up without thinking.

The single rule that ends this category of scam: an OTP is never a verification code for someone else. It is always for an action you are about to authorize. If someone on the phone needs your OTP, they are about to do something to your account. Hang up.

Sources