If you think OTP or one-time password SMS-based two-factor authentication is the safest bet to protect yourself from online banking scams, then you might be mistaken. Of course, hacking OTPs (or any two-factor authentication) is not easy and offers far greater security than just standard passwords.

However, a new type of OTP theft scam is worrying citizens in Bengaluru. The worst part of this scam is that the fraudsters are slipping away, leaving no clues to get traced. People have lost lakhs to this new scam and Bengaluru cyber crime police have figured the modus operandi. Here is everything you need to know about this dangerous OTP scam.

  1. People are losing lakhs to this dangerous OTP online banking scam
  2. OTPs are required for online bank transfers and other transactions, the new scam simply steals these OTPs for unknown transactions
  3. The OTPs are stolen either by planting malware on victims phone or through fake call centres posing as bank employees
  4. It all starts with a call from someone who claims to be an employee with the bank
  5. The fraudster posing as a bank employee talks about renewing or upgrading existing debit/credit card of the victim
  6. The fraudster asks for debit/credit card number, CVV, expiry date of the existing card to upgrade it to a new card
  7. The victim believing that the ‘bank employee’ shares his/her existing card details to get a new card with better benefits
  8. After this, the fraudsters tells that the victim will receive an SMS to confirm the card upgrade
  9. This SMS comes with a link which the victim unknowingly happens to click to confirm the card upgrade
  10. The link on SMS simply installs a malware on the victim’s phone that redirects all OTP SMSes to the fraudster’s phone
  11. Sometimes the fraudster tells the victim to resend the SMS to the sender to confirm the card upgradation
  12. As the fraudster already knows the card details (CVV, expiry date and card number) of the victim, he initiates unauthorised transactions
  13. To authenticate the transaction, the moment the OTP reaches the victim’s phone it gets redirected to the fraudster’s phone through the malware
  14. Once the fraudster gets the OTP, the transaction can be easily verified
  15. With this trick, fraudsters have emptied bank accounts of several people across the country.


Source:- gadgetsnow