FPJ Cyber Secure: OTP Breach, A Rising Cybersecurity Threat

Mumbai:Recently, parliamentarian Dayanidhi Maran reported that ₹99,999 was siphoned off from his account. The most shocking aspect of this cyber fraud was not only that a lawmaker was targeted but also the fact that the cons succeeded in bypassing the security feature of one-time password (OTP).

All of us are well-aware about the concept of OTP as not a single day passes in our lives without receiving these codes. As we now heavily rely on digital transactions, it's need of the hour to better understand how cyber crooks manage to bypass this safety feature. And, such a talk should start with a focus on the question: what exactly is an OTP?

These numeric or alpha-numeric strings are used by financial institutions and other services to verify the transaction's authenticity. In simple words, it's to make sure that the money is getting deducted with your permission. That's the reason why there is a unique OTP for each and every transaction.

However, scammers are constantly evolving their tricks and it seems that they found ways to bypass the OTP safeguard. It makes one wonder how fraudsters lurking in digital space can breach these codes. “Scammers can use techniques like SIM swapping, phishing or malware to get around OTPs. Sometimes, they can gain access to your phone number, intercept OTPs or trick you into revealing the code through phishing,” explains cybersecurity expert and Advocate Khushbu Jain. Detailing the complicated and illegal technique of SIM cloning, she said that such a modus operandi helps cons to divert OTPs or intercept text messages. Telecom providers and law enforcement agencies are actively working to stop these activities.

Cybersecurity measures to stop OTP bypass

Another way to collect your personal information is a peek into your social media profiles wherein contact details and photographs are available at a click. “Cyber fraudsters use various methods like phishing emails, social engineering and data breaches to access personal information and bypass security. They can gather data from public sources, exploit software vulnerabilities or trick people into revealing sensitive information. Staying vigilant, using strong passwords and regularly updating security can help reduce these risks,” cautioned Jain.

Tricks used by cyber cons to bypass OTP safeguard:

SIM swapping

Scammers collect personal information by peeking into a target's social media profile or contacting their telecom provider. Assuming identity, they procure a new SIM on the pretext of losing the original one. Henceforth, OTPs land on new SIMs.

Phishing

Fraudsters send fake emails, texts or make calls, often claiming to be from a bank or trusted service. They trick targets into clicking on suspicious links or downloading such apps.

Malware

Accessing somebody's device via malicious softwares which rigs gadgets, giving control to scammers

Account takeover

After gaining access to a target's email or other sensitive accounts, cons reset passwords, control communication with your bank, and authorise transactions without OTPs