Beware Of OTP Fraud, You Could Lose Lakhs

Bengaluru : India has taken to digital banking in a large way and this number is set to boom in the next few years. But this has also led to different kinds of online frauds like online banking frauds including stolen credit card or debit card information, cloning of debit or credit cards, phishing or fraudulently making customers give their own information, stolen PIN number or banking passwords, hacked accounts and mobile apps which have become quite common nowadays. It is said that India has the highest rate of online banking frauds in the world.

The latest scams to join the list are the stolen CVV and OTP numbers through fraudulent calls and emails, where customers are hoodwinked and unwittingly share these details.

But now in the latest scam to hit the country is the OTP theft scam which recently surfaced in the Southern city of Bengaluru. This scam has flummoxed the Cyber crime police and Cyber security experts as the scamsters have slipped away without a clue and stolen lakhs of Rupees.

OTP and the SMS based 2-factor authentication have been considered to the safest method for protection from online scams, but cyber criminals have found a way to break that security also.

So how does this OTP theft happen? Read on...

One Time Passwords (OTP) is a safe method for online banking transactions, where the user gets a unique number required for bank transfers and other transactions.

Now in the latest OTP scam the number is stolen through a malware which is put on the caller's phone where the fraudsters do it by making a fake call posing as bank tele- callers/ employees.

1. They call the victim posing as bank employees and speak about renewing or upgrading their existing debit/credit card for better benefits

2. If the victim falls for it then they ask for the debit/credit card number, CVV, expiry date of the existing card as a part of the upgrade process.

3. The victim shares the existing card details to get a new card

4. They will tell the victim to share the SMS to confirm the process to upgrade card.

5. Along with the SMS a link is sent as a software upgrade and the if the victim clicks to confirm the card upgrade , a malware is immediately installed in the victim's phone that redirects all OTP SMSes to the fraudster's phone.

6. They tell the victim to resend the SMS so that they confirm the card upgradation to make the victim think its part of the process as they cant access SMSes.

7. Once they get to know the software is installed and with the card details -CVV, expiry date and card number in hand the they start unauthorised transactions

8. Any OTP victim gets is redirected to the fraudster’s phone through the malware

9 They use the card details for fraudulent online transactions and when they get the redirected OTP number they complete transactions.

10 By the time the victim sees the messages from the bank, the fraudsters would have swindled lakhs of rupees.

It is becoming increasingly imperative for banks and the government to take preventive measures and make the customers aware of such transactions and not to give details of their Credit/Debit cards details over the phone time and again.

Also Read: Can You Lose Money Over Missed Calls? SIM Card Fraud Hacks Phones To Loot Money In Crores