There has been a marked rise in the number of cases involving bank one-time password (OTP) bypass scams in the past few years.
In this type of scam, scammers can bypass the OTP authentication process to gain access to an individual’s online accounts, including bank accounts, email accounts, and social media accounts.
Usually, a fraudster tries to trick a gullible victim into parting with the OTP that is sent to their mobile phone to keep their online accounts safe. They may do this by pretending to be a trusted company representative or even a friend who needs a code. They may also deploy sneaky tactics to steal the code.
Scammers often use any of the following methods to bypass OTPs:
Phishing: A scammer may send fraudulent emails or text messages, or set up websites, that impersonate legitimate organisations, such as banks, social media platforms, or online retailers. Such messages claim that the recipient is required to urgently verify their account by entering their OTP. An unsuspecting victim may unknowingly provide their OTP this way.
Vishing or social engineering: A cybercriminal may impersonate someone known to the victim, pretending to be in a difficult situation, such as needing immediate access to an account. They ask the victim to provide the OTP to help them, thus manipulating the individual into sharing it.
SIM swapping: A scammer may trick the mobile service provider into transferring the victim’s phone number to a new SIM card held by the fraudster. After getting control of the individual’s phone number, the scammer can receive OTPs that were originally intended for the victim.
Fake apps or malware: A scammer might lure an unsuspecting individual into installing malicious apps or software on their devices; these can intercept or steal OTPs once they are generated.
After a fraudster has bypassed an OTP, they can log in to the individual’s account and carry out fraudulent activities, such as transferring money, making purchases, or stealing sensitive data.
A few tips that can help protect against bank OTP bypass scams include:
Always remain wary of unsolicited calls (especially WhatsApp calls from international numbers), emails, and SMS messages.
Create strong passwords and enable two-factor authentication on all online accounts.
At the same time, ensure devices and software are up to date. Software updates often include security patches that can aid in protecting devices against malware.
In addition, be careful when clicking on links or opening attachments. These could pose a high risk to a mobile phone or device.
If an individual becomes a victim of an OTP bypass scam, they should report the matter immediately to the bank or other financial institution. They should also change the passwords for all online accounts and enable two-factor authentication.
Rajiv has been an independent editorial consultant for the last decade. Prior to this, he worked as a full-time journalist associated with various prominent print media houses. In his spare time, he loves to paint on canvas.