OTP Frauds - learn all about it
One Time Password (OTP) thefts are most common social engineering frauds and the most common form of Phishing frauds in India. People from both urban/rural areas are prone to this type of frauds. Lakhs of rupees have been stolen using this method, but only a few culprits get apprehended.
There are two ways:
(i) In OTP thefts, victims are deceived into giving away their OTP’s on a phone or email or SMS conversations.
(ii) Malware, a software designed to corrupt or gain access to a system that gets the OTP’s in the form of SMS. The offenders, provided with the OTPs, then transfer money from the victims’ accounts to their personal accounts.
The modus operandi is that the OTP theft involves an culprit calling / posing as an imposter
(a) Update or renew credit cards/debit cards details of those receiving phone calls
The victim provides the Card Number and CVV. The scammer then requests the victim to send SMS they have received and assures the unsuspecting victim that all details will be been updated in the system after the victim sends the SMS.
(b) Know Your Customer (KYC) details of those receiving the SMS/Email
The victim gets an SMS/Email having Short Links requesting the users to update the KYC of a Bank/Aadhaar Card or a PAN Card. When the victims open the link and fills up the details including the OTP too, all details are automatically forwarded to the scammers phone, who then carries out money transfer using the OTP from the victim’s account.
(c) Refunds or cash-back or expiring reward points of those receiving the SMS / Email
Scammers trick users to get in touch with them for issues like refund or cash-back or expiring credit card reward points and giving away their details.
How to Safeguard Yourself :
(1) Never share OTP with anyone.
No matter who ever calls you, never give away your confidential OTP over a phone call, WhatsApp or email. Bank Officials never ask for OTP, which means that the person asking for your OTP is trying to deceive you.
(2) Receiving money doesn’t require OTP
We all should realise that OTP is required only for making payments, not for receiving money. There are many cases where people hoping to receive funds have been duped by scammers claiming that they have to share the OTP received on their phone in order to complete receiving the payment.
(3) Don’t use suspicious apps on your smartphone
Scammers also use fake apps to steal OTPs and card details from users. App could pose as a calculator or a password wallet but actually share all your details with the scammers, giving them all the information (card numbers, CVV, OTPs) for them to steal money from your account.
(4) Contact official customer service numbers only
We all should be very careful while raising issues with customer support for service or an issue, it is highly recommended to use the respective Apps inbuilt report feature/email/contact numbers or alternatively take numbers from official websites only. Fraudsters create fake helpline numbers on search engine websites or create fake social media pages of renowned organisations to trick users into getting in touch with them for issues like refund or cash-back or expiring credit card reward points.
(5) Never Share Card Number, CVV and Expiry Dates
It’s very important to note that OTP is not required in case of an international transaction. All the scammer needs is the card number, CVV and expiry date to do an online international transaction. So, never share card number, CVV and expiry dates to anyone.
(6) Other Tips Include
a. Check for https:// and lock icon for secure online transactions
b. Never transfer or receive money while on call
c. Never click on short links more
There are two ways:
(i) In OTP thefts, victims are deceived into giving away their OTP’s on a phone or email or SMS conversations.
(ii) Malware, a software designed to corrupt or gain access to a system that gets the OTP’s in the form of SMS. The offenders, provided with the OTPs, then transfer money from the victims’ accounts to their personal accounts.
The modus operandi is that the OTP theft involves an culprit calling / posing as an imposter
(a) Update or renew credit cards/debit cards details of those receiving phone calls
The victim provides the Card Number and CVV. The scammer then requests the victim to send SMS they have received and assures the unsuspecting victim that all details will be been updated in the system after the victim sends the SMS.
(b) Know Your Customer (KYC) details of those receiving the SMS/Email
The victim gets an SMS/Email having Short Links requesting the users to update the KYC of a Bank/Aadhaar Card or a PAN Card. When the victims open the link and fills up the details including the OTP too, all details are automatically forwarded to the scammers phone, who then carries out money transfer using the OTP from the victim’s account.
(c) Refunds or cash-back or expiring reward points of those receiving the SMS / Email
Scammers trick users to get in touch with them for issues like refund or cash-back or expiring credit card reward points and giving away their details.
How to Safeguard Yourself :
(1) Never share OTP with anyone.
No matter who ever calls you, never give away your confidential OTP over a phone call, WhatsApp or email. Bank Officials never ask for OTP, which means that the person asking for your OTP is trying to deceive you.
(2) Receiving money doesn’t require OTP
We all should realise that OTP is required only for making payments, not for receiving money. There are many cases where people hoping to receive funds have been duped by scammers claiming that they have to share the OTP received on their phone in order to complete receiving the payment.
(3) Don’t use suspicious apps on your smartphone
Scammers also use fake apps to steal OTPs and card details from users. App could pose as a calculator or a password wallet but actually share all your details with the scammers, giving them all the information (card numbers, CVV, OTPs) for them to steal money from your account.
(4) Contact official customer service numbers only
We all should be very careful while raising issues with customer support for service or an issue, it is highly recommended to use the respective Apps inbuilt report feature/email/contact numbers or alternatively take numbers from official websites only. Fraudsters create fake helpline numbers on search engine websites or create fake social media pages of renowned organisations to trick users into getting in touch with them for issues like refund or cash-back or expiring credit card reward points.
(5) Never Share Card Number, CVV and Expiry Dates
It’s very important to note that OTP is not required in case of an international transaction. All the scammer needs is the card number, CVV and expiry date to do an online international transaction. So, never share card number, CVV and expiry dates to anyone.
(6) Other Tips Include
a. Check for https:// and lock icon for secure online transactions
b. Never transfer or receive money while on call
c. Never click on short links more
Viewed by 2113
View all 27 comments Below 27 comments
I have a suggestion which i have started following. Use a simple non internet phone like nokia 1100 for sim thats registered with bank. Whenever one does transaction on internet through laptop or through mobile banking, this other phone will receive the otp that can not be hacked. Its not as inconvenient as it seems. more
Mar 03
Many of the people are not computer or technology sabby. In this digital world, it is difficult to understand the tricks played by the fraudsters. The cyber crime police should take cognizence and take action. more
Mar 02
thanks for the very useful detailed information to save ourselves from the tricks and clutches of the scamsters. more
Feb 24
Very good suggestions, dear Anu. Mostly aged persons are vulnerable to these frauds and also those, who are unwilling to embrace the technology involved in today's banking, irrespective of their education, intellect or financial status. I can put forward another suggestion, as one of my learned advocate friend postulates. Keep at least two bank accounts. Keep a reasonable amount of money in one account which is sufficient, in your opinion, to meet your regular monthly needs, in a few thousands and attach the debit card to that account. Use it only for online transactions, say for purchasing merchandise online, pay your bills, book hotels/ train tickets, buy petrol/gas and so on. Perk your major savings in another bank account where you use cheque facility only, for which you need no OTP/CVV etc. For elderly people, this is a bit of guarantee against losing a big chunk of their hard-earned savings due to a single judgmental mistake. So prevention is better than cure. But mostly people lose money to their greed and lust than to the evil designs of the scamsters. One who believes that the Bank Manager of his bank is so eager to solve his/her KYC problem on a happy Sunday morning when all banking operations are closed is too naive to blame others for the misfortune. And believe me, it happens so regularly. Funny but true! more
Feb 23
Yes this too is very usefull. I follow this. One account for day to day transactions and another account for parking the hard earned money. more
Mar 03
