Know how to protect yourself from the OTP scam?

A phone is a great tool for communication. A mobile phone gives you the freedom to move about and still be connected to other phone users.
A smart phone supposedly gives you even more power to connect to the world via the internet and a plethora of apps some of which come preinstalled on the smartphone and some which you can download and install from the app store.

Mobile technology is a double edged sword

On one end today's mobile technology keeps you connected in the cities as well as the roads, highways and the far interiors thanks to the robust telecom infrastructure and bleeding edge technology.
Yet on the other hand it creates an open channel of communication between scammers and you.
The above sentence may not mean anything to you unless you have been on the receiving end of such a scam.

How does the scam unfold?

There are multiple ways in which the scammers execute the scam and now matter how they plan and execute the scam the idea is to make the targeted victim share an OTP (a one time password) that the scammers use to sweep and clean the victim's bank account.

Here is one way the scam unfolds…
Here the scam starts by the victims receiving a number of missed calls.
Then there are a number of SMS’s from the same number asking the victim that a courier package has been wrongly sent and it bears the victims phone number.
The SMS instructs the victim to call a mobile number and share the OTP received via SMS with the person on the other end who is supposed to be a courier delivery guy who needs the OTP in order to cancel and return a wrongly addressed parcel.

All these missed calls and SMS’s are done to create a sense of urgency and deceive the targeted victim.
If the victim follows the instruction and walks into the scammer's trap the OTP would be used to withdraw money from the bank account of the victim.
If the victim ignores then the scammer starts bombarding the target victim with calls.
In case the victim picks up the call then the scammer who is posing as the courier delivery person sweet talks the victim into sharing an OTP with the scammer?

What is the big deal about sharing this OTP?

To understand this one has to understand how OTP’s are used to validate transaction requests.
Scammers work on a combination of technological exploits as well as social engineering into tricking the victim into sharing OTP’s

The OTP loophole

Many people have the same mobile number linked to their bank account as well as the shopping apps.
Most couriers also require you to mention the recipient's mobile number.
For high value courier deliveries as well as for deliveries where sensitive documents are being shipped such as a bank’s credit card or a chequebook being sent to the registered customer who is suppose to share a OTP sent on the registered mobile number.
This gives the scammers a window of opportunity to trick a user base that is getting in the mode of doing a lot of things online from banking to shopping,

How can you protect yourself from such a scam?

• Make sure you use different phone numbers for online banking and shopping
• Keep the phone number you use for online and online banking as a private number that you should not share online via forms or on forums.
• The mobile number you use for shopping should not be used for banking account linking.
• Keep a track of the online shopping and packages that are due to arrive. Make a note if any of these are required to get a delivery.
• Be vary of the courier guy asking for an OTP for cancelling the delivery of a package which you never ordered.
• Under no circumstances should you be sharing OTP’s with random strangers posing as a courier guy.
  If you are reading this post from outside inleo/hive them you may need an inleo account (free) via this link

cover image source

Posted Using InLeo Alpha