OTP Scam

Your phone is infected by malware. The malware can then read your messages that contain the OTP and compromise your account. You are duped into revealing the OTP to a fraudster on-call/SMS/Email. Hackers can contact you via SMS, pretending to be your friend or relative, and will ask for a one-time password (OTP) they may have sent on your number by mistake. 

If you share the OTP then hackers will get access to your account and all your personal messages and media. The hacker can then send messages to your friends/relatives and can also ask for money from them.  What to do if this scam happens:- 

One should immediately reset WhatsApp and log in again. To avoid the scam, it’s always advisable to not share any information without confirming if the message is genuine. Also, you may activate the two-factor authentication on WhatsApp to increase your account’s security. 

The new scam poses a serious threat as recently, WhatsApp received the nod for its UPI-based Payments facility from the National Payments Corporation of India (NPCI) which also uses OTPs for transactions. In view of this, if your WhatsApp account gets compromised, then not just the data, hackers are likely to get hold of your bank account details. 

There have been incidents of frauds on other UPI apps as well in the past.

A one-time password (OTP), also known as one-time pin, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid a number of shortcomings that are associated with traditional (static) password-based authentication.

A number of implementations also incorporate two factor authentication by ensuring that the one-time password requires access to something a person has (such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cellphone) as well as something a person knows (such as a PIN).

One-time password (OTP), a commonly used two-factor authentication, is considered an effective deterrent against criminals trying to steal money from your bank account through online transactions. Not any more.

There have been a large number of cases in which criminals duped bank customers into revealing OTP or accessed it by hacking the smartphone. But now they have found another way to bypass the OTP deterrent — by requesting your bank to change your phone number linked to your bank account.A criminal can just walk into a bank, impersonate you, request a change in your registered mobile number and use the new connection to receive OTPs for transactions.

Another way criminals can dupe a bank customer is to contact a mobile operator with fake identity proof and get a duplicate SIM card.The operator deactivates the original SIM and the criminals generate OTP on the new number and conduct online transactions.

Following Precaution Needs to be taken:-

1. Never disclose your OTP and PIN number to any person.
2. No Bank or other institution will ask for credentials lik OTP, PIN, CVV number or other credentials.
3. Don’t attend any call or disconnect calls if the other person asks your OTP, PIN, CVV number or other credentials.
4. If you have installed a True caller and the name displays as a bank manager or the name of your bank, don’t believe that caller immediately without probing him.