COVID-19 Linked OTP Frauds Targeting India

In these challenging times caused by the COVID-19 pandemic, have you heard about any get rich quick schemes? No, we are not talking about Crypto Currencies today. 

Cyble Researchers have come across a fraudulent technique being used by cybercriminals. This is a case of OTP Fraud, which is one of the simplest and quickest cases of cyber fraud. 

With COVID-19 as the threat vector, cybercriminals are devising newer ways to defraud people. In case of the OTP fraud, they are tricking people in the name of Registration for the COVID-19 Vaccination. 

Based on our investigation we discovered that the fraudster behind the OTP fraud were able to dupe unsuspecting individuals into believing that they are speaking to officials from a legitimate organisation. These fraudsters were found masquerading as either as officials from the government or a health organisation or even a hospital claiming that individuals can register for the vaccine shot right from this call. 

They start by asking the victim for basic information such as the name, age, DoB, and Aadhar Card Details. Once these details are provided, the victim is further duped into giving the Aadhar number and the associated OTP that was sent to the phone. These steps are devised to convince the unsuspecting victim that he/she is getting successfully registered for vaccination in an easy and convenient manner. 

Once victims part with their personal information, the fraudster can potentially use the submitted details to make unauthorized financial transactions from their accounts. These cybercriminals are leveraging the functionality of withdrawing money using Aadhar to fraud people. 

SBI has also alerted users of SbiYono to watch out for fraudulent phone calls. Below is a screenshot of the message sent by SBI to its users. 

Wondering how to keep yourself safe against the rising cybercrime using COVID-19 as the threat vector? One of the surest ways to prevent yourself from falling into the trap of fraudulent schemes is to refrain from submitting sensitive details over the phone and it’s also crucial to verify the credibility of the agencies promising such services of vaccine registration. We recommend that individuals should only opt for Government-recommended official processes involving Registration through the designated online portal or the trusted registration apps. We advise that you steer clear of fraudulent schemes asking for sensitive details such as Aadhar card number and OTP verification! 

About Cyble:   

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.    

Leave a Comment

Your email address will not be published.

%d bloggers like this: