Where there are profits involved, fraudsters always lurk close. Financial institutions have measures in place to protect their funds from hacks, thefts, and data manipulation but scammers keep devising new ways to get past such firewalls.
For instance, banks have suffered for years as customers fall prey to phony calls asking them to share crucial details, exposing their accounts to thefts. The situation is no different in cryptocurrencies as well. Apart from general phishing websites and Ponzi schemes, fake Elon Musk impersonations are quite common as well. A man in the U.K. was reported to have lost over 400,000 Pounds in a false Elon Musk crypto giveaway.
Beware Of OTP Bots
Recently, fraudsters have started using OTP bots to lure victims into giving them access to entire accounts. The scam begins after the victims’ details, such as phone number, bank account number, and date of birth are gathered. The fraudster then subscribes to a bot service that places a fake phone call to the victim, gathering additional information like a 2FA code, CVV, or pins/passwords. Once the bot does the work, fraudsters gain complete access to an individual’s account.
A report published by cybersecurity firm intel471 in September showed that OTP bots, operating on the cloud-based messaging platform Telegram, are becoming widely used and increasingly dangerous. As per the report, some bots, such as SMSRanger, are ‘extremely easy to use’. A simple slash command allows a user to enable different modes that can target specific banks and online payment services such as ApplePay and GooglePay.
CNBC recently reported an incident where Dr. Anders Apgar, a Coinbase customer, was locked out of this crypto account after falling prey to a bot call. The account held more than $100,000 in crypto holdings. He was reported to have revived a call from a user claiming to be a Coinbase representative. The fraudster said “We have detected unauthorized activity due to failed log-in attempt on your account. This was requested from a Canada IP address. If this (is) not you, please press 1, to complete precautions recovering your account.” Upon pressing 1, Dr. Anders Apgar immediately lost access to his account.
As per financial software firm Arbigo, OTP bots are even more threatening. To be specific ” Instead of contacting victims individually by phone or SMS, OTP bots do the work automatically and at scale. This implies more account takeover attacks and more victims”
What Measures Can be Taken?
It’s important to know that exchanges such as Coinbase and Binance do not call customers asking them to share personal details. Warnings have been issues on both websites under the ‘customer support’ section. Other exchanges such as Kraken do not call unless an inquiry is made first by the customer itself, while FTX follows a similar policy. Hence, It’s vital to go through the customer support sections of each exchange before opening a new account. If attacked by such bot calls, the best action would be to disconnect the call immediately without dialing any other number on the keypad.
Additionally, it’s important to contact the exchange even if a customer has attempted to be duped. In some cases, the exchange can help one verify if their account is at risk of being exposed through malware or other malicious software.
According to Chainalysis, a record $14 Billion worth of crypto was stolen in 2021, almost double that stolen in 2020. This is mainly because security measures are not being developed as fast the field of crypto is evolving. Hence, until appropriate measures are in place, individuals must take precautions to keep their funds safe from any kind of theft.