Hackers are stealing two-factor authentication codes by using voice bots that sound authentic
Hackerstarget users on platforms such as Amazon or PayPal by stealing the temporary passwords users receive on their phones.
- They use customisable bots to ask users of 2FA or OTP codes to log in to their accounts.
- Unsuspecting users get voice calls from such bots, asking them to enter verification codes, which can then be accessed by the hackers.
Users are generally advised to use two-factor authentication (2FA) and one-time passwords (OTP) wherever possible to enhance the security of their respective accounts. But according to a report in The Vice, hackers have deduced a way to steal these sensitive codes by using
The hackers can either login or make money transfers or perform other sensitive functions by using the 2FA or OTP verification codes that the users are tricked into revealing. The hackers use voice bots that are sold online.
Here’s how hackers can steal the 2FA or OTP codes.
Hackers, who earlier used to pretend as bank executives or customer care agents to trick unsuspecting customers into sharing their verification or login information, now use customisable bots that can place automated calls and ask for the temporary passwords to access your account.
These bots are made to sound like you are talking to an authentic customer care agent and then they ask you to enter the 2FA/OTP during the call. Once you enter it, the verification code reaches the hacker and they can now login to your account and perform sensitive transactions.
The Vice in their report demonstrated one such instance where the user gets a call from PayPal’s fraud prevention system.
According to the call, someone wanted to spend $58.82 by accessing the user’s PayPal account. Over the call, it said, “in order to
Apart from these, the voice call also informed the users saying “Don’t worry if any payment has been charged to your account: we will refund it within 24 to 48 hours. Your reference ID is 1549926. You may now hang up.”
The call was actually from a hacker who used the customisable bot to trick the user into giving their one-time codes for verification. Similarly, hackers can target your Apple Pay, PayPal, Amazon, Coinbase, and other accounts to steal money or cryptocurrencies.
To hack into an account, one will need a username or email address or phone and password. This can be obtained from a previous data breach, and if the user has 2FA or OTP enabled, the hackers bring in voice bots to their use.
AdvertisementUsers also use these combinations of emails, phone numbers and names to determine whether the specific user has an Amazon or PayPal account before targeting them.
How to stay secure
Users can stay secure by being aware of such attacks. Whenever you get a call from any customer care asking for personal information, drop the call. Also, you should not share the 2FA or OTP codes with anyone.
In case you are worried about a potential breach of your account, you should log in to your account and track your transactions. Change the email address to prevent such attacks but the hackers can still find it and target your account. So you will beware of these attacks at all times.
Xiaomi 12 expected to be the first Snapdragon 898 powered smartphone
WhatsApp may soon introduce Communities, offer more control to admins
Facebook's own researchers found the app is bad for 360 million of its users, according to a report
Popular on BI
- I asked Microsoft's 'new Bing' to write me a cover letter for a job. It refused, saying this would be 'unethical' and 'unfair to other applicants.'
- Microsoft's ChatGPT-powered Bing browser now available publicly
- Don't be in a hurry to prepay but plan EMIs better, say experts as home loan burden set to rise
- Disney profits shine but still lays off 7,000 employees to cut $5.5 billion in costs
- Xiaomi 13 Pro with Leica-powered camera to launch in India on February 26 — here’s how its camera was made
- Boney Kapoor announces biography on late wife, legendary actress Sridevi
- Bombay HC says bullet train project of 'national importance', junks Godrej plea
- After Wipro, Infosys showing exit doors to freshers in Bengaluru say sources