I shared my OTP what now

If you shared a one-time passcode, act quickly but stay calm. Someone may use that code to try to log in, approve a payment, reset a password, or take over an account.

Example

We need to verify your account. Reply with the 6-digit code we just sent to your phone so we can stop suspicious activity.

5 red flags

• Someone asked for your one-time passcode by text, call, chat, or email.
• They said it was urgent or claimed your account was at risk.
• They pretended to be from your bank, a delivery company, or a support team.
• The code arrived while you were speaking to someone or using a suspicious link.
• They told you not to tell anyone or pushed you to act immediately.

What to do now

Start with the account linked to the code. Change the password immediately. Sign out of other sessions if that option is available. Turn on two-factor authentication again if needed, but only through the official app or website.

If the code may have been used for banking or card payments, contact your bank or card provider straight away. Tell them you shared a one-time passcode and want help securing the account. Review recent transactions, saved payees, and account recovery settings. If the same password was used anywhere else, change it there too.

Also check your email account. If someone gets access to your email, they may be able to reset other accounts.

Official UK reporting links

FraudSentry is independent and is not affiliated with or endorsed by these organisations.

• Report fraud or phishing to Action Fraud
• Report suspicious texts by forwarding them to 7726
• Report suspicious emails and websites on GOV.UK

Related guides

• Royal Mail scam text
• DPD scam text
• All scam guides