In today’s digital age, bank scams are becoming increasingly sophisticated, allowing scammers to bypass one of the fundamental security measures: One-Time Passwords (OTPs). Scammers employ various techniques – including SIM swapping, phishing, and malware, to gain access to your phone number, intercept OTPs or even trick you into revealing these critical codes through deceitful means.
SIM SWAPPING: A DEVIOUS TAKEOVER
One method scammers use to sidestep OTPs is known as SIM swapping. This intricate scheme involves several steps, starting with gathering personal information about the victim. Scammers use online research or data breaches to compile details like your name, phone number and more. Armed with this data, they contact your mobile service provider.
During this call, the scammer often impersonates you, claiming they’ve lost their SIM card. Armed with the personal information they’ve collected, they can respond to security questions with alarming accuracy. If the mobile provider falls for this ruse, they deactivate your SIM card and activate a new one in the scammer’s possession. This transfers control of your phone number to the scammer.
With your phone number now under their command, scammers can intercept OTPs sent by your bank or other services. These OTPs, intended to secure your accounts, are instead misused to gain unauthorized access and initiate transactions.
PHISHING: THE ART OF DECEPTION
Phishing is another strategy that scammers employ to extract sensitive information, including OTPs, from unsuspecting victims. The modus operandi of phishing is as follows:
Scammers send fraudulent emails, text messages or make phone calls that closely mimic legitimate sources, often impersonating your bank or a trusted service provider. These messages typically convey a sense of urgency or threaten consequences, such as imminent account closure if you fail to act swiftly.
Victims are then directed to fake websites or apps that appear strikingly similar to their authentic counterparts. Herein lies the trap: when individuals log in or provide information on these phony sites, scammers swiftly capture this data. In some cases, the phishing attempts might boldly request OTPs, often under the guise of verifying your identity or account, thereby stealing the keys to your financial kingdom.
MALWARE: THE SILENT INTRUDER
Malware, a category encompassing various types of malicious software, represents yet another method by which scammers can compromise your security and gain access to OTPs:
Scammers may lure victims into downloading malware by disguising it within seemingly innocuous files or links. These downloads often originate from untrustworthy sources, making them harder to spot.
Among the capabilities of malware is the deployment of keyloggers, which silently record every keystroke you make. Consequently, your login credentials and OTPs are captured as you enter them.
In more advanced scenarios, certain malware provides scammers with remote access to your device, granting them control over your accounts. This enables them to bypass OTPs and wreak havoc on your financial well-being.
In conclusion, scammers are a resourceful lot and they exploit both technical vulnerabilities and human psychology to bypass OTPs and compromise bank accounts. Protecting your financial security requires a multi-faceted approach. Start with robust, unique passwords for each online account, keep your software updated to thwart malware and educate yourself and your family about evolving scams. Always verify the authenticity of communications, enable multi-factor authentication and regularly monitor your accounts for suspicious activity. If someone has fraudulently withdrawn money from your bank account, inform your bank immediately. Dial helpline number 1930 and register a complaint at cybercrime.gov.in Limit your loss- give a missed call on 14440. Proactive measures are your best defense against those who aim to exploit OTPs and compromise your finances.
(Khushbu Jain is a practising advocate in the Supreme Court and founding partner of the law firm, Ark Legal.)