Muscat: The police in Al Dhahirah Governorate Police Command arrested a person of Asian nationality for defrauding a woman after convincing her that the caller works as an employee in a bank.
The victim was asked to update her bank information and provide a secret code (OTP), which enabled the caller to seize an amount of RO 10,000.
In a separate incident, a Directorate of Criminal Investigation arrested a person of Asian nationality for participating with an international gang to carry out phishing operations by calling and sending random messages via the WhatsApp application to a group of people, informing them of the need to update their bank information, after which this information is seized and sums of money are stolen from the victims’ accounts.
Guidelines on OTP and OTP-related frauds
One-Time Password (OTP) is a two-factor authentication feature that prevents unauthorized access to private banking information.
It is essential to enter or provide this OTP while conducting various financial transactions like bill payments, online shopping, fund transfers, etc.
Cyber attackers use fraudulent methods to access OTP. These frauds are committed in multiple ways.
As OTPs are sent to an email ID or mobile number registered with the service provider, cyber attackers cannot access them without approaching the bank customer. They either steal OTP without the victims' knowledge or lure them into revealing the OTP by using fraudulent tactics.
OTP fraud prevention techniques
You can implement the following techniques to secure yourself from OTP frauds:
OTP scammers often use phone calls, SMS, or emails to trick victims into sharing their OTP. They pose as bank representatives, lenders, and other service providers, typically creating an urgency to get the OTP. It is important to note that legitimate institutions or companies do not ask for your OTP unless you initiate a transaction that prompts two-factor authentication.
Avoid sharing these details over the phone, writing them down, or leaving them on unprotected networks.
Stay cautious of suspicious links
Fraudsters send malware-infested links under various pretexts like declaring a cash price, offering discounts, etc. Some attackers also impersonate service providers. Never click on any of these links as they are used to read your device and capture OTPs. Always manually search for apps or websites instead of clicking on suspicious links.
Avoid unknown/non-verified apps
Upon downloading an app, you often need to grant permission to access your device’s camera, photo gallery, etc. Sometimes, approving these permissions becomes necessary for KYC formalities and SMS alerts. But if a suspicious app asks for access to these functions, it can easily steal your OTP and much more. Hence, you should only download legitimate apps and grant only the necessary permissions.
Transact through secure networks
Public Wi-Fi networks tend to be risky. Scammers can use these networks to spy on your online activities and steal your sensitive information, including OTPs. When you transact through secure networks, like your home Wi-Fi or a trusted Virtual Private Network (VPN), you prevent others from accessing your confidential data.
Update contact details
If you have changed your email ID or mobile number, ensure you update it with your bank and other financial institutions. Doing so gives you more control over your accounts. By updating contact details on time, one can redirect important alerts like OTPs, logins, etc to new numbers and avoid unauthorized access.
Oman Observer is now on the WhatsApp channel. Click here