A new scam reported online is raising concerns about how fraudsters are misusing delivery verification OTPs to take control of shopping accounts. This particular case involves a user who shared their experience about a suspicious incident connected to a Meesho delivery, but the tactic itself can happen on many e-commerce platforms.
The situation highlights how scammers are becoming more creative and how a simple OTP can be enough for them to manipulate orders, returns, and payments.
How The Incident Happened:-
The victim mentioned about this scam in Reddit. In the reported case, the victim received a call from someone claiming to from a delivery service (Expressbees). The caller sounded convincing and mentioned that a delivery required confirmation. To complete the process, the caller asked for an OTP that had just been sent to the victim’s phone. Believing it was a normal delivery procedure, the user shared the code. Shortly after, unusual activity started appearing in their account.
The scammer began initiating return requests for items worth around ₹4000. The most suspicious part was that the pickup location was changed to another state, something the victim never requested. The victim tried to cancel the requests repeatedly, but the scammer kept submitting them again and again.
Eventually, one of the items was picked up successfully. The user also noticed that payment details had been modified, and an unknown UPI ID had been added. This showed that the scammer had gained access to the account and was attempting to redirect refunds.
How This OTP Delivery Scam Works:-
This type of scam is known as an OTP based delivery scam. It works because many people assume that OTPs are only used for confirming deliveries. Scammers exploit this trust. They call pretending to be delivery agents, courier partners, or customer support representatives.
They create a sense of urgency by saying the delivery cannot proceed without verification. Once the victim shares the OTP, the scammer uses it to log into the account or authorize changes such as return requests, address updates, or payment modifications.
After gaining access, scammers usually move quickly. They may initiate returns for valuable items, change pickup addresses, and redirect refunds to their own payment accounts. In some cases, they may also place new orders using stored payment details. By the time the victim notices, the damage is already done.
Common Red Flags To Watch:-
There are several warning signs in such scams. One major red flag is receiving a call asking for an OTP before the delivery has even arrived. Legitimate delivery agents usually do not need you to verbally share an OTP over the phone.
Another suspicious sign is being told that the product delivery wasn’t updated. Sudden changes in pickup location or refund details are also strong indicators that something is wrong.
Why These Scams Are Increasing:-
These scams are becoming more common because online shopping has increased significantly. People frequently receive delivery calls, making it easier for scammers to blend in. Fraudsters also rely on the fact that many users reuse passwords or keep accounts logged in on multiple devices. Once they gain access through OTP verification, they can easily navigate the account and make changes.
Another factor that helps scammers is the return and refund system. Many platforms allow returns within a short window, and scammers exploit this feature. They initiate returns for items that are still with the victim, change the pickup address, and arrange for the product to be collected from the wrong location. If successful, they get both the product and the refund.
Risks Beyond Financial Loss:-
Users should also be aware that scammers may attempt identity theft through such access. Once inside the account, they can view personal details such as name, address, phone number, and order history. This information can later be used in other scams. That’s why even a small mistake like sharing an OTP can have broader consequences.
What To Do If You Shared an OTP:-
If someone accidentally shares an OTP, immediate action is crucial, such as:-
- Change the account password right away.
- Check all saved addresses and remove any unfamiliar ones.
- Review payment details and delete unknown UPI IDs or cards.
- Log out of all devices if the option is available.
- Contact customer support and report the issue.
- Take screenshots of suspicious activity as evidence.
- Consider filing a complaint with cybercrime authorities if financial loss occurs.
- Report the incident to help track patterns and prevent future scams.
How To Stay Safe:-
To stay safe, users should follow a few simple precautions such as:
- Never share OTPs with anyone, even if the caller claims to be from delivery services.
- Always verify delivery updates through the official app instead of relying on phone calls.
- Be cautious if someone asks for verification before the delivery arrives.
- Regularly monitor account activity, especially after receiving unexpected calls.
- Enable additional security features, if available, for extra protection.
- Educate family members, especially those who frequently shop online.
- Remember that scammers often target people who are less familiar with digital security.
- Share awareness with others to reduce the chances of falling victim to such fraud.
Final Thoughts:-
This OTP based delivery scam shows how easily scammers can take control of online shopping accounts. A single shared code allowed the fraudster to initiate returns, change payment details, and attempt to redirect refunds.
While platforms may continue improving their security, users must remain cautious. OTPs should always be treated like passwords and never shared with anyone.
Staying alert, verifying calls, and acting quickly if something suspicious happens can help prevent losses and keep accounts secure.
Leave a Reply