From few years, cyber fraudsters are thriving by duping several banking customer’s hard earned money through various OTP based scams. Read on to know why OTP based fraud remains a threat for all of us…
From past three years, a lot of Indians have moved towards digital financial transactions. While it has made life convenient on some level, it has also given rise to a number of fraudulent cases ending up in people losing money.
Despite repeated alerts messages by banks and the police, people continue to fall victims to the most rudimentary tricks of online fraudsters. Last month, there was another warning from that was sent out to all its customers after a number of reports about customers receiving calls and are required to give an OTP (One-Time-Password) over the phone.
Technically speaking, an OTP (One-Time-Password) is a pin or password is used as two-factor authentication is valid for only one login session or transaction, on a computer system or other digital device, this pin is usually sent to a customer across various networks for different services on different devices and is only valid for one login. This PIN is sent and requested for things like online banking verify purchases and online transactions.
In a typical OTP scam, fraudsters usually adopt the tried and tested method of ringing up their victims posing as bank officials and ask for the OTP in the guise of renewing their expired debit or credit card. Another ploy of fraudsters is to ring up unsuspecting people and ask for the OTP in the name of linking Aadhaar, or redeeming reward points of their debit or credit cards. Following these duping incidents of OTP scams, banks and cyber police issue a public advisory warning against falling into the hands of online fraudsters by sharing OTP/ATM pin/CVV numbers with strangers.
Impersonation is also a quick and simple way to carry out an OTP fraud. Another way criminals can dupe a bank customer is to contact mobile operator with fake identity proof and get a duplicate SIM card. The operator deactivates the original SIM and the criminals generate OTP on the new number and conduct online transactions.
Nowadays, in the latest OTP scam the mobile number is stolen through a malware which is put on the caller’s phone where the fraudsters dupe their victims by making a fake call posing as bank customer care tele-callers or employees.
The standard process of using OTP or the SMS based 2-factor authentication was once considered to be the most effective deterrent against criminals trying to steal money from your bank account through online transaction. But it is not any more.
There has been a large number of cases in which criminals duped bank customers into revealing OTP or accessed it by hacking the smartphone. But now they have found another way to bypass the OTP deterrent — by requesting your bank to change your phone number linked to your bank account. A fraudster can just walk into a bank, impersonate you, request a change in your registered mobile number and use the new connection to receive OTPs for transactions.
Looking at all the OTP scams, One-Time-Password is not time-tested protection against the latest online banking fraud. It is an irony that despite repeated alerts and warnings from the banking officials and cyber police, innocent people still fall prey to OTP frauds.