One Time Password (OTP) thefts are most common social engineering frauds and the most common form of Phishing frauds in India. People from both urban/rural areas are prone to this type of frauds. Lakhs of rupees have been stolen using this method, but only a few culprits get apprehended.
There are two ways:
(i) In OTP thefts, victims are deceived into giving away their OTP’s on a phone or email or SMS conversations.
(ii) Malware, a software designed to corrupt or gain access to a system that gets the OTP’s in the form of SMS. The offenders, provided with the OTPs, then transfer money from the victims’ accounts to their personal accounts.
The modus operandi is that the OTP theft involves an culprit calling / posing as an imposter
(a) Update or renew credit cards/debit cards details of those receiving phone calls
The victim provides the Card Number and CVV. The scammer then requests the victim to send SMS they have received and assures the unsuspecting victim that all details will be been updated in the system after the victim sends the SMS.
(b) Know Your Customer (KYC) details of those receiving the SMS/Email
The victim gets an SMS/Email having Short Links requesting the users to update the KYC of a Bank/Aadhaar Card or a PAN Card. When the victims open the link and fills up the details including the OTP too, all details are automatically forwarded to the scammers phone, who then carries out money transfer using the OTP from the victim’s account.
(c) Refunds or cash-back or expiring reward points of those receiving the SMS / Email
Scammers trick users to get in touch with them for issues like refund or cash-back or expiring credit card reward points and giving away their details.
How to Safeguard Yourself :
(1) Never share OTP with anyone.
No matter who ever calls you, never give away your confidential OTP over a phone call, WhatsApp or email. Bank Officials never ask for OTP, which means that the person asking for your OTP is trying to deceive you.
(2) Receiving money doesn’t require OTP
We all should realise that OTP is required only for making payments, not for receiving money. There are many cases where people hoping to receive funds have been duped by scammers claiming that they have to share the OTP received on their phone in order to complete receiving the payment.
(3) Don’t use suspicious apps on your smartphone
Scammers also use fake apps to steal OTPs and card details from users. App could pose as a calculator or a password wallet but actually share all your details with the scammers, giving them all the information (card numbers, CVV, OTPs) for them to steal money from your account.
(4) Contact official customer service numbers only
We all should be very careful while raising issues with customer support for service or an issue, it is highly recommended to use the respective Apps inbuilt report feature/email/contact numbers or alternatively take numbers from official websites only. Fraudsters create fake helpline numbers on search engine websites or create fake social media pages of renowned organisations to trick users into getting in touch with them for issues like refund or cash-back or expiring credit card reward points.
(5) Never Share Card Number, CVV and Expiry Dates
It’s very important to note that OTP is not required in case of an international transaction. All the scammer needs is the card number, CVV and expiry date to do an online international transaction. So, never share card number, CVV and expiry dates to anyone.
(6) Other Tips Include
a. Check for https:// and lock icon for secure online transactions
b. Never transfer or receive money while on call
c. Never click on short links
ANIL RACHAMALLA (End Now Foundation, www.endnow foundation.org)