Two-factor authentication faces new security threat from OTP bots

Beware of being tricked by bots asking for your one-time passwords in order to log in to your online accounts. — AFP Relaxnews

A new breed of malicious bots are capable of stealing the one-time passwords (OTPs) from online two-factor authentication systems by calling their victims directly. These fully-configurable intelligent agents can now be purchased over the Internet by would-be scammers.

Two-factor authentication involves adding at least one extra step to the log-in process for an online account. This can take several forms, including a temporary unique code sent by SMS. In theory, this system makes it much harder for hackers to access your accounts, even if they have your password.

According to a recent report from the antivirus solutions provider Kaspersky, hackers have managed to bypass the system, using advanced phishing techniques and automated tools. It all starts with the acquisition of the future victim's login details. This can be done via leaked personal data purchased on the dark web. Scammers then use so-called OTP bots, malicious computer programs specially designed to steal one-time passwords.

The hacker uses the stolen credentials to attempt to log in to the victim's account. The victim then receives a one-time password on their phone. The malicious bot then calls the victim and automatically follows a pre-prepared script to encourage them to share the code. Hackers can also set the bot's language and voice (male or female) in advance. By typing the code on the phone without interrupting the call, it is then transmitted to the hacker, who simply has to enter it to connect to the service in question.

To protect yourself against these scams, take care never to click on links in suspicious SMS messages or emails, and of course never share your one-time passwords. When in doubt, it's best to go directly to the relevant platform to enter your details.

In theory, two-factor authentication can be “cracked”, but it remains one of the safest ways, along with passkeys, to avoid having your online accounts hacked. – AFP Relaxnews

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Passwords , OTP


Next In Tech News

Google scraps plan to remove cookies from Chrome
Chip design software firm Cadence forecasts third-quarter results below estimates
US congressional panel calls on CrowdStrike CEO to testify on outage
Stellantis ready to 'fight' for place in Europe's EV market, CEO says
Insurers to see limited hit from CrowdStrike disruption, Fitch says
Boeing-owned Wisk expects to begin carrying passengers 'later in the decade'
Reddit strikes deals with sports leagues to attract more ad dollars
CrowdStrike shares tumble 13% on IT outage impact
Delta CEO sees flight disruptions lasting for another couple of days
Verizon hit by prepaid subscriber exodus after internet subsidy ends

Others Also Read