How Scammers Bypass Your One Time Password Protect - Phones - Nairaland


How Scammers Bypass Your One Time Password Protect by UrVillagePelsin(m): 9:55pm On Mar 07
This is only the tip of the iceberg. Please visit https://icmaxblog.com/posts/protect-your-bank-account/ to read the full article.


In general, while far from perfect, banks are pretty good about security. Hacks and breaches are fairly rare in the grand scheme of things. When a bank account is drained, it’s often because the owner was careless and unwittingly gave away access (e.g. compromised ATM skimmers and wire transfer con scams).

Two-factor authentication (2FA) or One Time Password (OTP) is supposed to protect your bank account, but scammers have found a way around it—by tricking you with a new phishing tactic. In this article, I explain how the scam works and how you can evade it.



How 2FA or OTP Protect Your Bank Account

2FA is simple: in order to access your account, you start by entering your password, which is your first factor, and then you confirm your identity using a second factor, such as a security question or a verification code (OTP) sent in a text message.

How The Scammers Operate

It starts with a phone call. You may or may not recognize the number, but it doesn’t matter because phone numbers can be spoofed.

When you pick up, the caller will say they’re from your bank, they’ve noticed a fraudulent charge on your account, and they want to help resolve the issue but first need to confirm your identity.

The scammer reads off a handful of your most recent bank charges, then ends with a final non-existent charge.

You don’t recognize it, so you think it must be fraudulent. You let the scammer know. They reassure you that it’s okay, promise to reverse the charge, then send over one last confirmation code by text message. You read it back. That’s it, done!

See What Actually Happened

Every time you received a confirmation code, it was actually the scammer trying to access your bank account. When you read the code back to them, they typed it in and successfully bypassed your account’s 2FA/OTP security.

Once in, they can do things like change your username, change your password, change your phone number for 2FA, or even send money from your account to their account.



4 Likes 1 Share
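
A bank-side view of the sequence described in the post above, as an added example that is not part of the original post: a detection rule that flags an OTP accepted on a device the account has not used before, followed within minutes by the account changes the post lists. The event names, the 15-minute window and the sample log are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real bank logs): (time, account, device, action)
EVENTS = [
    ("2018-03-07 09:00:10", "acct-A", "phone-1", "otp_verified"),
    ("2018-03-07 09:01:30", "acct-A", "phone-1", "transfer_out"),
    ("2018-03-07 10:00:00", "acct-B", "laptop-9", "otp_verified"),
    ("2018-03-07 10:02:15", "acct-B", "laptop-9", "change_2fa_phone"),
    ("2018-03-07 10:05:40", "acct-B", "laptop-9", "transfer_out"),
    ("2018-03-07 11:00:00", "acct-C", "tablet-3", "otp_verified"),
    ("2018-03-07 13:30:00", "acct-C", "tablet-3", "transfer_out"),
]
# Devices each account has used before (assumed to come from login history).
KNOWN_DEVICES = {"acct-A": {"phone-1"}, "acct-B": {"phone-2"}, "acct-C": {"phone-4"}}

# The post-login actions named in the post (hypothetical event names).
SENSITIVE = {"change_username", "change_password", "change_2fa_phone", "transfer_out"}
WINDOW = timedelta(minutes=15)  # assumed threshold, tune per institution


def flag_takeovers(events, known_devices, window=WINDOW):
    """Return {account: [sensitive actions]} where an OTP was accepted on an
    unrecognised device and a sensitive action followed within `window`."""
    alerts = {}
    otp_on_new_device = {}  # (account, device) -> time the OTP was accepted
    # "YYYY-MM-DD HH:MM:SS" strings sort chronologically, so a plain sort works.
    for ts, acct, dev, action in sorted(events):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if action == "otp_verified":
            if dev not in known_devices.get(acct, set()):
                otp_on_new_device[(acct, dev)] = t
        elif action in SENSITIVE:
            start = otp_on_new_device.get((acct, dev))
            if start is not None and t - start <= window:
                alerts.setdefault(acct, []).append(action)
    return alerts


if __name__ == "__main__":
    for acct, actions in flag_takeovers(EVENTS, KNOWN_DEVICES).items():
        print(f"HOLD {acct}: {', '.join(actions)} right after OTP on a new device")
```

A flagged account would have the listed actions held until the customer confirms them through a channel the caller does not control, such as a call placed to the number already on file.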

Re: How Scammers Bypass Your One Time Password Protect by mydadsboy(m): 1:02am On Mar 08
Great news
Re: How Scammers Bypass Your One Time Password Protect by directonpc(m): 3:15am On Mar 08
Someone nearly did this to me. He wanted to hijack my Gmail.
Re: How Scammers Bypass Your One Time Password Protect by chloride6: 5:24am On Mar 08
Are you a learner OP? grin

Even most OTP messages will tell you not to disclose this code to anyone.

I thought you wanted to talk about SIM swap and cloning, where your phone number for OTP is retrieved or cloned behind you. In the case of retrieval your SIM will go inactive, which is worse since you may not get an alert if you don't use email. If you notice any loss of network on your main line, please rush to the bank quickly. That's why it's advisable to have your main pile of cash in an account with no electronic access. Just a second part withdrawal.

12 Likes 2 Shares

Re: How Scammers Bypass Your One Time Password Protect by 247TechBlog(m): 7:58am On Mar 08
Or they can just clone your phone number via customer care. Your network will just disappear and the OTP will be received on it

Account cleared before you even know it



Meanwhile Check my signature and visit my blog, you'll love it
Re: How Scammers Bypass Your One Time Password Protect by Brey(f): 10:06am On Mar 08

1 Like

Re: How Scammers Bypass Your One Time Password Protect by Simeony007(m): 10:39am On Mar 08
directonpc:
Someone nearly did this to me. He wanted to hijack my Gmail.

Most of the time it's not a hijack but an assumption by Gmail to keep you on alert. For instance, if you open your account on another browser, even on the same phone that you registered your account with, it will tell you "suspicious activity". Even if you do it on a brand new phone it will tell you suspicious activity, just to keep you on alert to prevent you from getting one.
Re: How Scammers Bypass Your One Time Password Protect by directonpc(m): 11:54am On Mar 08
Simeony007:


Most of the time it's not a hijack but an assumption by Gmail to keep you on alert. For instance, if you open your account on another browser, even on the same phone that you registered your account with, it will tell you "suspicious activity". Even if you do it on a brand new phone it will tell you suspicious activity, just to keep you on alert to prevent you from getting one.

The guy called me and requested the code.

Is that an assumption too?
Re: How Scammers Bypass Your One Time Password Protect by edicied: 12:07pm On Mar 08
Google doesn't have 2-step verification available for Nigerians am worried cause Gmail is my primary mail client cry
Re: How Scammers Bypass Your One Time Password Protect by Otedollaryen: 1:18pm On Mar 08
saved
Re: How Scammers Bypass Your One Time Password Protect by UrVillagePelsin(m): 3:19pm On Mar 08
edicied:
Google doesn't have 2-step verification available for Nigerians am worried cause Gmail is my primary mail client cry

Google has 2 step verification for all users.

To Set up 2-Step Verification

1) Go to the 2-Step Verification page. You might have to sign in to your Google Account.
2) Select Get started.
3) Follow the step-by-step setup process.

Go to https://icmaxblog.com/posts/generate-2fa-codes-with-google-authenticator/ to read fully about it.
Re: How Scammers Bypass Your One Time Password Protect by madgoat(m): 10:57pm On Mar 08
edicied:
Google doesn't have 2-step verification available for Nigerians am worried cause Gmail is my primary mail client cry

You obviously don't know how to use your gmail/Google
Re: How Scammers Bypass Your One Time Password Protect by edicied: 12:21am On Mar 10
madgoat:


You obviously don't know how to use your gmail/Google
UrVillagePelsin:



Google has 2 step verification for all users.

To Set up 2-Step Verification

1) Go to the 2-Step Verification page. You might have to sign in to your Google Account.
2) Select Get started.
3) Follow the step-by-step setup process.

Go to https://icmaxblog.com/posts/generate-2fa-codes-with-google-authenticator/ to read fully about it.

It's not available for Nigerians by SMS. I know of the one for Android, but not everyone owns an Android phone! Then what do you do?
