Name-Sharyu Adhao

MBA FINANCE(3rd Semester)

Roll.no- 14( PRN-1820132)

Subject- Buiseness Journalism(2nd

Evaluation)

The Crime Reporting

on

“OTP Theft”: THE CYBER CRIME

 “OTP Theft- One Time Password Theft”, is a new kind of debit and credit card fraud. Not even a
single case has been cracked by the cyber police. Lakhs of rupees are lost by the victims.
 Fraudsters are using software called 'malware' for such thefts. Mainly techies are the victims.
 As per the cyber crime reports, number of cases of debit/credit card frauds, also termed
“vishing”, increased from 880 in 2017 to 2,446 in 2018. OTP theft come under this category.
 We should be aware before sharing the OTP to third party and should take preventive measures.
 The Crime Reporting

on

“OTP Theft”: THE CYBER CRIME

A new form of one-time password (OTP) theft recently came to light in Bengaluru , according to
a recent news report, wherein a fraudster posing as a bank employee asked for customers’ OTP
for ostensibly updating their credit/debit card details. While techies in the city reportedly lost
large sums of money, no one has been arrested yet. While fraudsters got innovative in Bengaluru,
the problem of OTP theft is much wider and is routinely reported from other cities, including
Mumbai, Jharkhand and Kozhikode, Pune, Delhi, Kerala as well.

While a lot of us may think that cases of OTP theft are about irresponsible customer
behavior, first-time online banking users, senior citizens, among others, are quite vulnerable to it.
In Kerala, OTPs of about 10 people were stolen by unidentified callers across the state. In
Mumbai, a woman shared her OTP 28 times with someone who identified himself as a banker
which helped the perpetrator swindle her of nearly ₹7 lakh. In Pune , a techie girl share her OTP
and lost amount of 51000 rupees.

 How it happens?

OTP thefts typically occur in two ways:

1. Your phone could be infected by a malware, which can be used to tap into your messages
containing the OTP.

2. You could get duped into revealing your OTP by a fraudster.

 What you should do?

1. Remember that no bank will ever ask you to read out your card details for verification or
renewal over a phone call.
2. As a rule, never share your card number, CVV or OTP verbally with anyone.
3. In case you’re making a booking through a phone call, say for movie tickets, remember
that you will be asked to punch in your card details on the phone keypad. If the operator
asks you to read out the details, you are in for trouble so never fall prey to such demands.
4. If you receive SMS from random numbers which look different or contain encrypted text
with links, do not get tempted to click on them. These could be used to corrupt your
phone.
5. If you are asked to forward messages that contain your OTP, don’t give in because an
OTP is meant for securing your transactions. Giving it to somebody else could help them
divert your transactions for their benefit.
 The Crime Reporting

on

“OTP Theft”: THE CYBER CRIME

Theft comes in different forms, and attacks from unknown and surprising ways. OTP theft has
become the newest form of theft that has been making the rounds. A new form of one-time
password (OTP) theft recently came to light in Bengaluru, according to a recent news report,
wherein a fraudster posing as a bank employee asked for customers’ OTP for ostensibly updating
their credit/debit card details. While techies in the city reportedly lost large sums of money, no
one has been arrested yet. While fraudsters got innovative in Bengaluru, the problem of OTP
theft is much wider and is routinely reported from other cities, including Mumbai, Jharkhand and
Kozhikode, Pune, Delhi, Kerala as well. 334 cases of OTP frauds were recorded across India.

While a lot of us may think that cases of OTP theft are about irresponsible customer behavior,
first-time online banking users, senior citizens, among others, are quite vulnerable to it. In
Kerala, OTPs of about 10 people were stolen by unidentified callers across the state. In Mumbai,
a woman shared her OTP 28 times with someone who identified himself as a banker which
helped the perpetrator swindle her of nearly ₹7 lakh .In Pune, a techie girl share her OTP and lost
amount of 51000 rupees. Cyber crime personnel said “The thefts were initially of relatively small
amounts of ₹5,000-10,000. However, of late, larger amounts ranging from ₹50,000 to up to a
few lakhs , have been stolen. We have not been able to apprehend anyone yet. The victims also
include several IT employees”.

Harsha Halvi, co-founder of TBG Labs, said OTP theft is more a privacy matter than a
technological one. Perpetrators often gain the victim’s trust by dropping a name for reference,
which would make the victim trust them. And finding information about the victim’s bank is also
easy. “India as a country has not taken privacy seriously. Most of the time, most hackers are able
to find out the bank you are banking with,” he said.. On receiving such calls, people can verify
with the customer care numbers of their banks.The number of cases of debit/credit card frauds,
also termed vishing, increased from 880 in 2017 to 2,446 in 2018. OTP thefts, too, come under
this category of offence.

Cases of OTP Theft:

1. Kozhikade: The number of cases in Kozhikode was just seven last year, it has reached 12
in the first four months this year, according to the statistics from the District Crime
Records Bureau. In November, a man applied for a job in Abu Dhabi and the agents sent
him his visa and air ticket online. Later, they asked him to remit Rs 85,000 in two
installments.On the date of journey, when he reached the airport, the emigration officials
told him that the visa and the ticket had been cancelled.

2. Jharkhand:In India, in the month of August, 2019, Punjab MP Preneet Kaur, wife of
Punjab’s Chief Minister Captain Amarinder Singh became one of the recent victims of
the cyber crime. Ataul Ansari from Jharkhand’s Jamtara fraudulently withdraw over 23
lakhs from her account. He called up Preneet Kaur when she was attending the
Parliament session and told her that he is manager in State Bank of India (SBI) and he
needs her ATM PIN and OTP number immediately as there is some issue in transferring
her salary into her account. After getting the vital information, 23 lakh was withdrawn
from Preneet Kaur’s account in three transactions. Sensing foul play, she lodged a
complaint with the Punjab Police and after a thorough investigation and with the help of
Jharkhand Police, Ataul Ansari was nabbed.

3. Mumbai: An officer of Mazagon Dock lost Rs 75,000 as he was cheated via fraudulent
online transactions. Shivaji Bait, a resident of Parel Village, works as a sub-magistrate in
Mazagon Dock. Fraudster asked Shivaji for the mobile number which was linked to the
bank account for filing an online complaint which the victim readily shared. The trickster
then conned Shivaji to take his OTP and his ATM information as well.

4. Chandigarh: A swindler allegedly duped a Sector 46 resident of Rs 15,998 by

withdrawing the money from the victim’s bank account. Complainant Ajay Kumar
reported that he received a phone call from a person, who claimed to be an SBI
employee. The caller convinced the victim to share information about his credit card. The
 victim also shared the OTP received on his mobile phone. Later, he found Rs 15,998
withdrawn from his account. A case has been registered at the Sector 34 police station.

5. Pune: The craving for a chilled beer and sparkling wine on a dry day left a 32-year
software engineer poorer by Rs 50,778, as she lost the amount because of OTP theft. The
woman techie, who wanted to get the liquor delivered to her home, shared the one time
password (OTP) twice with a man who posed as an employee of a wine shop over the
phone, an officer from the Hinjewadi police said. “Within few minutes, Rs 50,778 was
debited from her bank account through two transaction,” the officer said.

 How it happens?

OTPs are a popular method for ensuring security for almost all kinds of financial transactions.
From net banking to ordering food to paying your bills online, OTPs are used a lot. In OTP
thefts, victims are either conned into giving away their OTPs or a malware — a software
designed to corrupt or gain access to a system — is used to get the SMSes with the OTPs. The
perpetrators, armed with the OTPs, then transfer money from the victims’ accounts to their own.
Officials in the city’s cyber crime police station said the OTP theft involves a person calling
posing as a bank employee, ostensibly to update or renew credit/debit cards of those receiving
the calls. The unsuspecting victim provides the card number and CVV, secure in the knowledge
that any person would still need the OTP to carry out any transaction. The scamster then says
the victim will receive an SMS, which would have to be sent back to the sender. Such SMS,
apparently, are in encrypted form, and do not contain any legible text. However, they are also
links and when the victims click on them, the incoming SMS into the phone is automatically
forwarded to the scamster’s phone, , who then carries out money transfer — using the OTP
from the victim’s account.
OTP thefts typically occur in two ways.
1. Your phone could be infected by a malware, which can be used to tap into your messages
containing the OTP.
2. You could get duped into revealing your OTP by a fraudster.
You could also be sent links that are used to corrupt your phone. Clicking on such links can
provide unwarranted access to fraudsters, making it easy for them to get your OTPs. On tapping
into the messages and after procuring the OTP, fraudsters typically transfer money from the
victim’s account to their own.
If your phone is compromised, then all the OTPs will be diverted without you realising it.
Individuals who are new to mobile or online banking should be careful because OTP thefts could
involve a person identifying himself as a bank employee and asking you for your credit or debit
cards details with a promise to help you with completing a transaction or ensuring better
services. They could con you into revealing your card number and CVV and then ask you to
share the OTP received by you as a message from the bank and cheat you into completing an
unauthorised transaction which is also called as “Vishing”.
 Vishing
Vishing is an attempt where fraudsters try to seek personal information like Customer ID, Net Banking
password, ATM PIN, OTP, Card expiry date, CVV etc. through a phone call. Many people have got calls
from these fake customer care agents representing banks and other agencies to dupe people of their hard
earned money by creating fear among the customers of the banks or by promising lucrative offers on
behalf of the banks. A lot of cases have been reported where people have shared their details with these
fake agents and have lost money from their accounts.

 What you should do?

Remember that no bank will ever ask you to read out your card details for verification or renewal
over a phone call. As a rule, never share your card number, CVV or OTP verbally with anyone.
Once your card details are compromised, then all the money in your credit or savings account
could be emptied.
In case you’re making a booking through a phone call, say for movie tickets, remember that you
will be asked to punch in your card details on the phone keypad. If the operator asks you to read
out the details, you are in for trouble so never fall prey to such demands.
If you receive SMSes from random numbers which look different or contain encrypted text with
links, do not get tempted to click on them. These could be used to corrupt your phone. Always
use your discretion while clicking on links received by unknown numbers. If you are asked to
forward messages that contain your OTP, don’t give in because an OTP is meant for securing
your transactions. Giving it to somebody else could help them divert your transactions for their
benefit.