Stopping Scam Calls & OTPs

TL;DR

Scam calls and unwanted one-time passwords (OTPs) are a pain. This guide shows you how to block them, report them, and protect your accounts.

1. Understand the Problem

There are two main issues:

• Scam Calls: Criminals use automated systems (robocalls) or spoofed numbers to try and trick you into giving them money or personal information.
• Unsolicited OTPs: These usually mean someone is trying to access your accounts using a password they shouldn’t have. It’s often an attempt at account takeover.

2. Block Scam Calls

1. Register with the Telephone Preference Service (TPS): This won’t stop all calls, but it makes it illegal for legitimate companies to cold call you. Register online at https://www.tps.org.uk/
2. Use Call Blocking on Your Phone: Most smartphones have built-in features:
   • iPhone: Go to Settings > Phone > Silenced Unknown Callers and turn it on. This sends calls from numbers not in your contacts directly to voicemail.
   • Android: The method varies by manufacturer. Look for options like ‘Filter spam calls’ or ‘Block numbers’ in the phone settings. Many Android phones also have a built-in caller ID and spam protection feature (often powered by Google).
3. Install a Call Blocking App: Apps like Truecaller, Hiya, or Nomorobo can identify and block known scam numbers. Be aware of privacy implications when granting these apps access to your contacts.

3. Deal with Unsolicited OTPs

1. Don’t Enter the OTP: This is crucial! If you didn’t request it, don’t use it. Entering it confirms its validity to the attacker.
2. Change Your Passwords Immediately: For any account that *might* be affected (e.g., email, banking, social media). Use strong, unique passwords for each account.
   • Password Managers: Consider using a password manager like LastPass or 1Password to generate and store secure passwords.
3. Enable Two-Factor Authentication (2FA) Everywhere Possible: This adds an extra layer of security, even if someone gets your password. Use authenticator apps (like Google Authenticator or Authy) instead of SMS-based 2FA whenever you can – SMS is less secure.

   # Example using Google Authenticator (setup varies by service)
   # Download the app and scan the QR code provided when enabling 2FA
   

4. Check Account Activity: Look for any suspicious logins, transactions, or changes to your account settings.

4. Report Scam Calls & OTPs

1. Report to Action Fraud: This is the UK’s national reporting centre for fraud and cyber crime. https://www.actionfraud.police.uk/
2. Report to Your Phone Provider: They may be able to block the number or investigate further.
3. Report to the Service Affected (for OTPs): If you receive an OTP for a specific service (e.g., your bank), contact them immediately.
   • Example: Reporting to Your Bank: Call their fraud hotline directly – don’t use numbers found online, as these could be fake.

5. Protect Yourself

1. Be Wary of Unexpected Calls or Messages: If something seems too good to be true, it probably is.
2. Never Give Out Personal Information: Banks and legitimate companies will *never* ask for your PIN, password, or full security details over the phone or by email.
3. Keep Your Software Updated: This includes your operating system, browser, and antivirus software. Updates often include security patches.

   # Example - Checking for Windows updates:
   Settings > Update & Security > Windows Update > Check for updates
   

4. Be Careful What You Click: Avoid clicking on links in suspicious emails or messages.