The OTP, or one-time password, was introduced as an added layer of security for banking transactions and website logins. However, if you think it is a safe bet to protect yourself from scams, you need to think again. A new type of OTP theft scam has been worrying citizens in Bengaluru. While lakhs of rupees have already been stolen using this method, the worst part of the scam is that fraudsters are slipping away without getting caught.
According to a report on ET, IT employees in Bengaluru have been among the victims of this scam. Cyber-crime police have managed to figure out how the scammers operate. In most cases of OTP theft, victims were either conned into giving away their OTP, or some sort of malware app was used to gain system access and read SMSes. Scammers first access OTPs on the victim’s smartphone, and then use them to transfer money from the victim’s account.
“India as a country has not taken privacy seriously. Most of the time, most hackers are able to find out the bank you are banking with,” Harsha Halvi, co-founder of TBG Labs, told the publication. The fraudsters call the victim posing as a bank employee and ask them to renew or upgrade their credit or debit card to get better benefits, such as cashback and lounge access at airports. The victims are then asked to share card details and the CVV number, after which an OTP is sent to their number for confirmation. As long as one doesn’t give the OTP to the scamsters, it is all fine.
“The thefts were initially of relatively small amounts of ₹5,000-10,000. However, of late, larger amounts ranging from ₹50,000 to up to a few lakhs, have been stolen. We have not been able to apprehend anyone yet. The victims also include several IT employees,” a source told ET.
Some cyber criminals also use malware programs to hack into a victim’s phone and access OTPs. However, for this to work, the user needs to click on a link to activate the malware. The only way to avoid falling prey to such scams is to ensure that you do not click on suspicious links. Also, do not share OTPs with any unauthorized callers.