Hyderabad man shares Swiggy OTP over fake Pista House call, order marked “delivered” remotely-funds recovered via support, but warns of rising scams preying on trust amid 150+ cases in city this year.

A Hyderabad resident ordering biryani from Pista House via Swiggy fell for a call from scammers posing as hotel staff, sharing his delivery OTP and seeing the order falsely marked complete.

Waiting over 30 minutes with no arrival, he contacted support to learn the executive was out of city; Swiggy replaced the order free.

Platforms and police urge: never share OTPs by phone. No arrests yet, but victim’s viral post alerts thousands.

Anatomy of the Deceptive Call

The ordeal unfolded swiftly around midday on December 19. The man, whose identity remains anonymous online, tapped into Swiggy for a familiar comfort-biryani from the iconic Pista House in Hyderabad’s Abids area.

Swiggy’s app pinged standard protocol: share the one-time password (OTP) only after verifying the parcel in person.

Ten minutes later, his phone rang with a spoofed caller ID mimicking Pista House. The voice, calm and authoritative, claimed a “system glitch” blocked handover to the delivery executive.

“Just share the code to resolve it,” they urged. Panicked and unquestioning, he complied. Seconds later, Swiggy notified “delivery complete.” No rider appeared.

“I got scammed, and honestly, I feel pretty foolish,” he posted on social media, where the thread exploded with over 5,000 views in hours. Contacting Swiggy support revealed the twist: the assigned executive was in Vijayawada, 270 km away. Scammers had intercepted the OTP remotely, faking completion via the app.

Swiggy issued a replacement within an hour, refunding implicitly through the redo-no monetary loss, but a stark lesson.

Pista House’s outlet manager, speaking off-record to local reporters, clarified: “We never call for OTPs; deliveries go directly via partners.” Swiggy reiterated in a statement: “OTPs are sacred-share face-to-face only.”

Surge in Food Delivery Frauds: Stats and Patterns

Hyderabad’s cybercrime logs paint a grim picture. Cyberabad police reported 152 OTP-related delivery scams since October 2025, up 40% from last year, with losses exceeding ₹2.5 crore in Telangana.

Zomato and Swiggy dominate targets, as scammers exploit high-volume orders during lunch rushes.

“These are low-tech but high-impact cons,” says Inspector Priya Reddy of Hyderabad Cyber Cell. “Spoofed calls use urgency-‘system error,’ ‘missing payment’-to bypass caution.

We’ve traced gangs to Warangal, operating via WhatsApp groups sharing stolen OTPs.” A November raid netted three suspects with 200 pilfered credentials.

Nationally, the Indian Cybercrime Coordination Centre (I4C) flags 10,000 monthly food app frauds, often peaking in metros. Victims skew young professionals; emotional toll rivals financial hits.

“You feel violated,” the biryani victim echoed online, humanising stats: one lapse, endless what-ifs.

Swiggy’s response? App banners, AI-flagged suspicious completions, and 92% refund rates per their December data. Yet gaps persist—riders earn commissions per delivery, unwittingly pressuring rushed handovers.

Broader Context: From Isolated Tricks to Systemic Risks

This isn’t novel; precursors trace to 2022’s early OTP phishing waves, evolving with apps’ contactless boom post-pandemic. Hyderabad joins Delhi, Bengaluru in hotspots, where 24×7 deliveries fuel opportunity.

Last week, a similar Zomato scam in Secunderabad cost ₹1,200; victims there lost funds before refunds.

Police link it to “rural-urban syndicates”: scammers in smaller towns hijack OTPs, marking orders done while insiders siphon food or cash.

Telangana DGP M Mahender Reddy warned last month: “Verify via app tracking, not calls. Report instantly.” I4C’s helpline (1930) handled 15% more delivery queries in Q4 2025.

Platforms invest: Swiggy’s “Safe Drop” pilot uses geo-fencing; Zomato trains riders on red flags. But experts like cyber lawyer Ritesh Bhatia argue for mandates.

“OTP-less deliveries via biometrics or Aadhaar-linked verification could end this,” he proposes, citing EU models.

For readers, vigilance starts simple: screenshot orders, enable two-factor app logins, cross-check rider locations.

The Logical Indian’s Perspective

The Logical Indian applauds this man’s vulnerability-turned-valour, transforming self-doubt into communal armour-a testament to empathy’s power in our hyper-connected world.

Blame-free sharing fosters harmony, urging platforms, police, and users toward collective safeguards without eroding convenience’s joy. Kindness demands we pause amid haste, nurturing trust for coexistence.

True change blooms when we dialogue: What safeguards have saved you from scams, or how can apps evolve? Share below to spark safer streets for all.