• Partners
  • Copy Trading
  • Portfolio Management
    • Join Exness
    العربية বাংলা Español Français हिंदी Bahasa Indonesia 日本語 한국어 Português ไทย اردو Tiếng Việt 简体中文

    One-time password (OTP) and verification code scams

    • Updated

    Learn what OTP scams may look like, how to respond to unexpected codes, and what to do if you have shared a code.

    Never share verification codes (OTP). Never confirm an action with a code if you did not request that action.

    What is OTP?

    OTP, or One-Time Pin, is a short, often time-limited verification code sent by SMS, email, authenticator app, Telegram, WhatsApp, voice call, or regional methods (e.g., Zalo). 

    It’s used to confirm identity or approve an action: password reset, changing security settings, approving a withdrawal/transfer, etc. Confirmation via OTP acts as your “signature” approving an action; in other words, treat it accordingly.

    Common tricks scammers use

    • Pretending to be a support agent, a manager, or an “investment specialist”. Scammers may claim they’re a support, security, or compliance representative, or even a “VIP manager” - anything that makes them sound official to reduce suspicion. They may use a confident tone, a logo, or a fake ticket/case number to emulate a standard procedure and gain your trust.
    • Saying your account is “at risk” and you must share a code to “secure it”.
    • Asking you to confirm a login or a change you did not request.
    • Requesting a code you didn’t initiate. If you receive an OTP for a login, password reset, or transaction you did not start, it usually means someone triggered a real action on your account. If you share or enter that code, you’re approving what they started.
    • Creating urgency with “security alerts”. Scammers pressure you to act fast with messages like “suspicious activity detected” or “confirm in 5 minutes.” This can come from a person, a chatbot, an automated call, or a pop-up on a fake page. The goal is to pressure a quick response out of you before you have a chance to verify anything.

    What to do if you receive an unexpected code

    If you receive a code you didn’t request, do not enter it anywhere and do not share it with anyone. This can mean someone is trying to access your account.

    1. Stop immediately:
      • Don’t share the code (even with someone claiming to be from support).
      • Don’t approve anything you didn’t start.
    2. Confirm whether it was triggered by you 
      You may receive a code if you recently:
      • Reset your password
      • Initiated a withdrawal
      • Updated your security settings

    If you didn’t do this, treat it as an attempt to gain control of your account and your funds.

    1. Secure your account now
      • Change your Personal Area password and trading passwords
      • Go to Settings, then Security settings, and select Log out from other devices
    2. Open a support ticket 
      If anything looks unusual, open a ticket in the support hub and tell us you received an unexpected code.

    What to do if you shared a code

    1. Change your Personal Area (PA) and trading passwords immediately.
    2. Change your registered email password and review recent login activity.
    3. Go to Settings, open Security settings and select Log out from other devices.
    4. Open a ticket in the support hub and explain what happened.

    Related articles

      In this article

    Related articles

    Was this content helpful to you?

    Your thoughts matter to us! Sharing your feedback helps us make our materials
even more useful and enjoyable for you

    We’re hard at work updating this content

    We apologize for any inconvenience caused while this page was under maintenance;
    it will be back up and better than ever as soon as possible.

    In the meantime, please browse the Help Center for other articles that may be helpful.