Legal Ease Law Advisors

OTP/PHISHING/VISHING FRAUDS
HOW DOES THE CRIME HAPPEN?
A One-Time Password (OTP) is a security feature that enables online users and service providers to secure transactions with an additional layer of protection. An online communication or transaction is authenticated with an OTP that the service provider sends to the customer's registered mobile number or e-mail ID.
Cyber fraudsters use different modus operandi to make victims divulge their personal and financial information, such as their name and address, account numbers, and OTP details. The following are the main modus operandi used by cyber criminals.
Citizens must be aware that, for all cyber crimes, the basic tool cyber criminals need is your basic data, such as your phone number, bank details, and other personal information. Using this information, they commit all kinds of cyber crimes and loot money from victims.
- Vishing (Voice Phishing)
The fraudsters always use fake phone numbers, text messages, voice-altering software, and social engineering to lure online users into divulging their sensitive personal and financial information.
Whenever a fraudster calls a targeted victim, they claim to be an executive calling from a bank, the RBI, or an online shopping website, or assume some other fake identity, and lure the victim into divulging his financial information, usually on one of the following pretexts:
- KYC updation, credit/debit card cancellation, credit limit enhancement, etc.
- Offering free gifts
- Easy loans
- They tell the victim that he has won a free gift with his shopping and ask for his OTP in order to deliver it. Even for cancellation they send a link; when the victim clicks on cancel, it asks for an OTP, which the victim has actually received from a genuine online banking operation being carried out by the fraudster. Once the OTP is shared, his money is gone.
Sharing your OTP on fake links sent by fraudsters may lead to financial loss and data loss, and your mobile and systems may be infected and taken over by them. Other modus operandi such as KEYSTROKE CAPTURING and PHISHING also depend on the victim clicking on malicious links sent by fraudsters. Once the victim clicks on these links, all the information stored on his computer or mobile, including financial information, OTPs, etc., will be stolen by the fraudsters. Using this information, they siphon off money from the victims' accounts.
Types of OTP SMS Fraud
Though an OTP sent through SMS offers enhanced security, fraudsters have devised the following methods to lure victims into divulging their sensitive information.
1. SMS Spoofing: SMS spoofing is a technique used by fraudsters to change the sender information on a text message, making it appear as if it is from a legitimate source. By spoofing the sender, fraudsters can deceive recipients into clicking on malicious links or providing sensitive information.
2. Smishing: Smishing is a type of fraud where criminals use SMS messages to trick recipients into revealing personal information or financial details. These messages often impersonate legitimate organizations, creating a sense of urgency or fear to prompt recipients to take immediate action.
3. SIM Swapping: SIM swapping involves fraudsters hijacking a user's mobile number by impersonating them and convincing the mobile operator to transfer the number to a new SIM card. With control over the mobile number, fraudsters can intercept OTP SMS messages and gain unauthorized access to accounts.
4. SMS Grey Routes: SMS grey routes refer to the unauthorized routing of SMS messages through unmonetized channels, bypassing legitimate mobile operators. This practice not only affects mobile operators' revenue but also poses a security risk as these routes may be exploited for fraudulent activities.
5. SMS Spam: SMS spam refers to unsolicited and irrelevant text messages sent to mobile users. While not directly financially harmful, SMS spam is a nuisance, wasting users' time and potentially exposing them to fraudulent schemes.
PRECAUTIONS TO BE TAKEN TO PREVENT THIS CRIME.
- It is a clear sign: no bank or service provider asks any of its customers to share their OTP, CVV, PIN, etc. If anybody claiming to be a bank or service provider representative asks for your OTP, he is a fraudster.
- Never click on links in instant messages and SMS received from unverified and unknown sources.
- Never share your details by filling in forms provided online through unsolicited messages or links.
- Keep checking your messages / e-mails so that you are aware and can take immediate action in case an OTP is generated without your knowledge.
- Don't install third-party apps and grant them unnecessary permissions, as this can compromise device security.
- Always use only the contact details provided on authentic/official websites for clarifications, service-related information, or to avail services.
- Never install screen-sharing apps like AnyDesk, TeamViewer, etc. on the advice of any supposed service provider or executive; such callers are fraudsters.
- Never use contact details of service providers that are found in a Google search or provided in the mails/messages received.
- Always visit trusted websites to do your online shopping.
- Keep your device secured with antivirus and anti-malware solutions.
- Keep track of your digital payments.
- Check the security aspects of the website, such as whether the site is secured with https:// or shows a padlock in the browser address bar.
- Never respond to e-mails that ask about your personal information and account details.
- Change your passwords frequently.
- Always use a secured internet connection.
- Avoid using public Wi-Fi for financial transactions.
- Don't click on suspicious links offering discounts or prizes that seem too good to be true.