The convenience of managing finances at our fingertips comes hand in hand with a growing vulnerability to digital attacks. Arming yourself with knowledge, maintaining good digital hygiene and staying vigilant can be your shield against such frauds.

From local tea stalls to luxury brands, digital payments have become the preferred mode of transaction for Indians across the board.

However, the convenience of managing finances at our fingertips comes hand in hand with a growing vulnerability to digital attacks. As technology advances, so do the tactics of cybercriminals, and unsuspecting consumers often find themselves falling prey to these issues.

As the name suggests, One Time Passwords (OTPs) are single-use, dynamic and valid only for a very short duration, usually measured in seconds or minutes. They add an extra layer of security by reducing the window within which they can be used (and misused) and their strength lies in their transient nature. The time-sensitivity and one-time use make them far more secure than static passwords.

The generation of OTPs often involves complex algorithms, ensuring that each code is random and unpredictable. This method aims to counter automated attacks and provide a robust defence against unauthorised access. Nevertheless, in some cases, even these protective measures prove futile if the user is not careful.

Today, OTP-related frauds and interception of OTPs by malicious entities have become increasingly common. As per a recent Reserve Bank of India (RBI) report, the number of frauds relating to the ‘cards and internet’ segment alone increased to 12,069 cases (worth approximately Rs 630 crore) during H1FY24 as against 2,321 cases amounting to Rs 87 crore in the same period last year.

Beware of fraudsters' efforts to elicit OTP

Cybercriminals employ various sophisticated methods, including phishing and social engineering tactics, to circumvent security measures. Phishing typically involves tricking the user through seemingly bona fide emails, messages, or phone calls, coercing them to divulge sensitive information such as OTPs, account particulars, or Personal Identification Numbers (PINs).

Social engineering takes this a step further by manipulating individuals into voluntarily sharing their OTP, often by impersonating a trusted entity or creating urgent, believable scenarios. In fact, these types of fraud are rising in scale and frequency with the ascendancy of AI and the ease with which imposter communication can be created en masse.

So, how is one supposed to navigate this new normal? If you understand how OTPs and other digital authentication tools work, it will become easier to recognise and avoid any potential intrusion.

Follow a no-sharing policy

Being cautious of unsolicited requests for your OTP or personal information, especially via communication channels like phone calls or emails, can go a long way in combating fraud. It is essential to verify the legitimacy of websites or correspondence from trusted sources before responding or sharing sensitive information.

Today, many e-commerce websites use OTPs as an added security measure to support delivery of the order to the right person. Even in such cases, it is crucial to verify the identity of the delivery person as e-commerce companies will often provide the name and contact details of the delivery agent via SMS beforehand, which can be used for verification when sharing the OTP.

OTP without transaction? Take prompt action

Always remember that OTPs are meant solely for the intended recipient and for a specific transaction. Receiving an OTP without initiating a process is a red flag, signalling potential unauthorised attempts to access sensitive information.

You should actively track your account and immediately report to the concerned authorities or institutions in case of any suspicious activity. Whenever feasible, activate two-factor authentication for online accounts. This auxiliary layer of security necessitates not only the OTP but also an additional verification modality.

Update changes in mobile number, address

We often ignore the importance of updating contact information with banks and financial institutions. The timely updating of details like email IDs and mobile numbers ensures that important alerts, including OTPs and login notifications, are received by the right person.

One of the most common scams involves malware-infested links disguised as cash prizes or discounts, which are very inviting to the user but can be used to extract information. Another seemingly innocuous route to personal information is the permissions that users grant to apps.

Consumers should ensure the legitimacy of apps and provide only essential permissions to safeguard against the potential theft of OTPs and other sensitive data.

Digital hygiene is key

The increasing sophistication of OTP scams is a stark reminder of the continuous battle against cybercrime. While OTPs offer a significant security advantage, their efficacy depends on our understanding and handling of them.

Arming yourself with knowledge, maintaining good digital hygiene and staying vigilant can be your shield against fraud. By doing this and spreading the word, we can effectively leverage OTPs for their intended use - to protect our digital transactions and personal information.

Sajish Pillai is Managing Director and Head—Assets and Strategic Alliances, Consumer Banking Group, DBS Bank India

As featured in Moneycontrol