Be aware of OTP Frauds / Theft
An OTP or One Time Password is security feature that enables online users and services providers to secure transactions with an additional layer of protection. It is the process of authenticating an online communication or transaction with an OTP that is sent by service provider to the registered mobile number/mail id of the customer. As the digital financial transactions and activity rose, this additional layer was introduced to act as an time bound authentication mechanism for safe transaction of sensitive data and money online.
However fraudsters have found new means and schemes to commit OTP frauds and misuse the feature to defraud the digital users to commit financial frauds.
OTP Theft - Means adopted by fraudsters / fraudulent means
OTP fraud is executed by fraudsters by deceiving digital users into sharing OTP in following ways
- Over a call posing with fake identities
- In person with fake identities and fake reasons
- Malware infested links to users to download malware that can read OTP
- Financial loss
- Breach of data
- Malware attack
- Mobile and system hack
- Fraudsters impersonating as executives from companies/agencies/institutions
-Call/meet individual users on different fake pretexts like
- Free gifts/offers/discounts etc.,
- Easy loans
- Online shopping executive
- KYC updation
- Credit limit enhancements
- Food delivery executives
-They convince them to share OTP for providing service and commit fraud
- Fraudsters sending fake links that are malware infested on various pretexts to capture OTP
- Fraudsters adopting various social engineering techniques to con people into revealing OTP
- Contact users as online shopping executive on fake pretext that their order placed is being delivered.
- When customer refuses to be placed the order, the send them link to cancel order
- The fraudster requests the user to share the OTP received to confirm cancellation of order.
- Once the customer shares the OTP the fraudster uses it to commit financial fraud.
- Never share or disclose OTP with anyone, know that any genuine service provider would never request user/customers to share any sensitive details like OTP, CVV, PIN etc.,
- Avoid clicking on the links on instant messages and SMS received from unverified and unknown sources.
- Do not proceed to provide or share details by filling up forms provided online through messages or links.
- Ensure to keep checking your messages / emails to be aware an take immediate action in case an OTP is generated without your knowledge.
- Do not download any third party apps by providing unnecessary permissions as it can compromise the device security.
- Do not use the contact details of service providers, that are found in google search or provided in the mails/ messages received.
- Always ensure to only use the contact details provided in authentic/official websites for clarifications or service related information or avail services.
- Do not agree to install screen sharing apps like anydesk/team viewer etc., as suggested by any service provider or executive.
- Ensure to properly dispose unused sensitive documents like pass books, cheque books, aadhar cards etc., and avoid sharing the photocopies with strangers.
- In case of any issue immediately inform your service provider and block your card to avoid any further misuse.
- Report incidents related to cyber frauds on cybercrime.gov.inor call toll free no.1930