Account Access scam guide

OTP and credential theft

Credential theft uses calls, fake support, phishing pages, job forms, KYC warnings, or delivery messages to collect OTPs, UPI PINs, CVV, passwords, and recovery codes.

Report this scam View all categories

Risk signal

Credential capture

Severity

critical

Group

Account Access

Common identifiers

Add identifiers that can be matched safely across reports, profiles, payments, and evidence without exposing unnecessary private data.

01

Phone number

Use the exact phone number shown by the scammer so CheckKaroo can link repeat signals and avoid weak matches.

02

Phishing URL

Use the exact phishing url shown by the scammer so CheckKaroo can link repeat signals and avoid weak matches.

03

Caller ID

Use the exact caller id shown by the scammer so CheckKaroo can link repeat signals and avoid weak matches.

04

Account

Use the exact account shown by the scammer so CheckKaroo can link repeat signals and avoid weak matches.

Evidence to preserve

Keep proof in original form where possible. Screenshots help, but transaction IDs, URLs, timestamps, and chat context make moderation stronger.

01

Fake page URL

Capture fake page url with date, time, sender, URL, or transaction context visible where possible.

02

Call logs

Capture call logs with date, time, sender, URL, or transaction context visible where possible.

03

Messages

Capture messages with date, time, sender, URL, or transaction context visible where possible.

04

Transaction alerts

Capture transaction alerts with date, time, sender, URL, or transaction context visible where possible.

First response

These steps reduce further loss and keep your report useful for review, banking escalation, platform reporting, and official complaints.

01

Change compromised passwords

Do this early: change compromised passwords helps reduce repeat contact, preserve proof, and keep escalation options open.

02

Block cards/accounts

Do this early: block cards/accounts helps reduce repeat contact, preserve proof, and keep escalation options open.

03

Never share OTP or PIN

Do this early: never share otp or pin helps reduce repeat contact, preserve proof, and keep escalation options open.

Urgent money loss

If money was recently transferred, call 1930 first and raise a bank or payment-app dispute. Speed matters for fund-freeze attempts.

Privacy boundary

Do not upload OTPs, passwords, full card numbers, full Aadhaar, private documents, or unrelated intimate media. Use masked, relevant evidence whenever possible.

Related categories

Similar fraud patterns

SIM takeover

SIM swap fraud

Mobile number takeover used to intercept OTPs and access banking, email, or social accounts.

Unauthorized login

Account takeover

Unauthorized control of email, social, wallet, marketplace, or banking accounts.

Fake login

Phishing link scam

Fake links that steal logins, card details, OTPs, personal data, or payment credentials.

Screen control

Remote access app fraud

Scammers make victims install screen-sharing or remote-control apps to steal money or data.

KYC panic

KYC update fraud

Fake bank, wallet, telecom, or account KYC warnings used to steal credentials or money.