You must not share Aadhaar and its OTP with anybody

The deadline to link Aadhaar with various financial services like bank accounts, mutual funds, insurance, mobile phone connections as well as your permanent account number has been indefinitely extended by the Supreme Court recently. But there are still some places where you will need to submit Aadhaar, like when opening a new bank account or getting a subsidy. 

While the deadlines have been extended, fraudsters are trying to take advantage of the earlier deadline of 31 March to call individuals and extract data from them, which can further be used to commit fraud. If you get a call asking for any bank-related details, do not disclose anything.

The entire effort of the fraudster would be to get hold of crucial details that can enable her to make a transaction, from, say, your bank account or e-wallet. In many cases, cyber security experts say, they would already have some details about an individual, which can be used to partially get through a transaction. Usually, the last leg of a transaction is the OTP that you receive on your phone or mail. The fraudster would insist that you share that OTP, which will then allow her to complete the transaction. 

 For the past many years, fraudsters have been using the method of convincingly calling individuals to get bank account, and debit or credit card details. In the past few days, many people have complained of threatening calls during which the caller claims that their bank account, debit or credit card, or mobile connection would be disconnected if the instructions of the caller are not followed. The person being called is first asked to share their Aadhaar number. Then the fraudster claims that an OTP has been sent to complete the linking process. Using an individual’s Aadhaar number and the subsequent OTP, the fraudster can take a print of your Aadhaar online and also change some demographic details, such as mobile phone number, in the Aadhaar database. This, of course, will happen if the phone you are using is the one that is linked to Aadhaar.

If the fraudster changes your registered mobile number in the database, then all the Aadhaar-based authentication OTPs would land in that mobile phone instead of yours.

It is also possible that Aadhaar linking is being used to just get the OTP from you to complete a transaction through your bank account. 

Another possibility is getting the call from the fraudster claiming to be from a telecom company. This is most likely an attempt at either getting an OTP to complete a transaction, or to get some of your SIM details so that they can get another SIM card for the same number. In such cases, it is likely that the fraudster already has some information about your finances and wants to get control of your mobile phone number. 

Fraudsters keep changing their approach to get details from people over calls. You should be aware that no bank or financial institution would ask for sensitive details like your debit or credit card number, bank account number, card expiry, CVV or ATM PIN or an OTP.

If you get an OTP, you must physically enter this on the Web interface yourself. When linking Aadhaar, always use official channels like the bank’s or financial institution’s website or mobile app, even though the deadline has been extended indefinitely for now.