Users are generally advised to use two-factor authentication (2FA) and one-time passwords (OTP) when possible to improve the security of their accounts. However, according to a report by The Vice, hackers have found a way to steal these sensitive codes by misleading users with voice bots.
Hackers can use the 2FA or OTP verification code that users trick into revealing to log in or transfer money, or perform other sensitive functions. Hackers use voice bots that sold online.
How hackers can steal 2FA or OTP codes.
A hacker who used to pretend as bank manager or customer service agent to trick unsuspecting customers into sharing their verification or login information uses customizable bots to make automatic calls and make temporary calls & ask for temporary passwords to accesss your account.
These bots pretend to be talking to a real customer service agent and prompt you to enter 2FA / OTP during the call. Once entered, the hacker will receive a verification code that will allow you to log in to your account and engage in confidential transactions.
The vice president of his report showed a case where a user received a call from PayPal’s fraud prevention system.
According to the call, someone wanted to spend $ 58.82 to access a user’s PayPal account. During the call, it said “Please enter the code you are sending to your mobile device to protect your account”. Once the entered, it says “Thank you. Your account is protected and this request is blocked.”
Apart from these, it also notifies users of voice calls, stating, “Don’t worry if your account is billed. We will be refunded within 24-48 hours.” The reference ID is 1549926. You can now hang up. “
In reality, it was a call from a hacker who used a customizable bot to mislead the user and provide a unique code for verification. Similarly, hackers can target Apple Pay, PayPal, Amazon, Coinbase, and other accounts to steal money or cryptocurrencies.
You will need your username, email address, phone number and password to hack an account. This can be obtained from previous data breaches, and hackers use voice bots if the user has 2FA or OTP enabled. Users also use these email, phone number, and name combinations to determine if a particular user has an Amazon or PayPal account before addressing.
How to stay safe
Users can be safe by being aware of such attacks. Whenever you receive a call from customer service that requires personal information, drop the call. Also, do not share your 2FA or OTP code with others.
If you are concerned about possible account breaches, you should need to log in to your account & track transactions. Change your your email address to avoid such attacks, but hackers can still find & target to your account. Therefore, you will always be aware of these attacks.