Don’t Share Your OTP With Anyone! dtac Warns of Online Scammers During COVID-19

August 3, 2021 – dtac warns that widespread online scamming and phishing attempts are rising since the COVID-19 crisis. These malicious requests often ask for the user’s one-time password (OTP) under false pretenses. Users should be particularly cautious of attention grabbing messages promising fast cash:

  • 1,000 Baht transferred to your account, click now
  • Your 50,000 Baht assistance is transferred to your account, click now
  • Congratulations, you’ve won 100,000 Baht, click here
  • Your COVID personal loan has been approved, click now


The fraudulent messages contain links leading to the installation of malware that can collect personal data from the infected mobile phone. The data can be used to make transactions that can cause serious financial loss to the phone’s user, such as transferring all the money in their bank account to a scammer.

A one-time password or OTP is usually a number with 4 or 6 digits. It allows banks and other services to securely authenticate the user in an online transaction. The OTP can be used only once and within a limited time. Users who request an OTP when making a transaction must never share that OTP to anyone else. With the OTP, scammers can take over a bank account using a mobile banking app, change the linked mobile phone number and make online purchases without the true account owner being notified.

To improve security awareness, dtac is adding a warning message in every SMS containing an OTP to urge customers to not share their password with anyone else for risk of being scammed.

One of the tell-tale signs of a successful OTP phishing attempt is when the user’s SIM for the mobile phone number linked to a mobile banking app goes out of service. Users experiencing such issues are advised to contact their network operator immediately to determine if they have been the victims of a scammer.