A new form of one-time password (OTP) theft recently came to light in Bengaluru, according to a recent news report, wherein a fraudster posing as a bank employee asked for customers’ OTP for ostensibly updating their credit/debit card details. While techies in the city reportedly lost large sums of money, no one has been arrested yet. While fraudsters got innovative in Bengaluru, the problem of OTP theft is much wider and is routinely reported from other cities, including Mumbai, Jharkhand and Kozhikode, as well.
While a lot of us may think that cases of OTP theft are about irresponsible customer behaviour, first-time online banking users, senior citizens, among others, are quite vulnerable to it. In Kerala, OTPs of about 10 people were stolen by unidentified callers across the state. In Mumbai, a woman shared her OTP 28 times with someone who identified himself as a banker which helped the perpetrator swindle her of nearly ₹7 lakh.
OTPs are a popular method for ensuring security for almost all kinds of financial transactions. From net banking to ordering food to paying your bills online, OTPs are used a lot. So how do you ensure you don’t become a victim of an OTP theft?
How it happens
OTP thefts typically occur in two ways. One, your phone could be infected by a malware, which can be used to tap into your messages containing the OTP. Two, you could get duped into revealing your OTP by a fraudster.
You could also be sent links that are used to corrupt your phone. Clicking on such links can provide unwarranted access to fraudsters, making it easy for them to get your OTPs. On tapping into the messages and after procuring the OTP, fraudsters typically transfer money from the victim’s account to their own.
If your phone is compromised, then all the OTPs will be diverted without you realising it.
Individuals who are new to mobile or online banking should be careful because OTP thefts could involve a person identifying himself as a bank employee and asking you for your credit or debit cards details with a promise to help you with completing a transaction or ensuring better services. They could con you into revealing your card number and CVV and then ask you to share the OTP received by you as a message from the bank and cheat you into completing an unauthorised transaction.
What you should do
Remember that no bank will ever ask you to read out your card details for verification or renewal over a phone call. As a rule, never share your card number, CVV or OTP verbally with anyone. Once your card details are compromised, then all the money in your credit or savings account could be emptied.
In case you’re making a booking through a phone call, say for movie tickets, remember that you will be asked to punch in your card details on the phone keypad. If the operator asks you to read out the details, you are in for trouble so never fall prey to such demands.
If you receive SMSes from random numbers which look different or contain encrypted text with links, do not get tempted to click on them. These could be used to corrupt your phone. Always use your discretion while clicking on links received by unknown numbers. If you are asked to forward messages that contain your OTP, don’t give in because an OTP is meant for securing your transactions. Giving it to somebody else could help them divert your transactions for their benefit.