It was quite a lazy Sunday. There I was, sitting on my back, scoring a sensational hat-trick with Marco Asensio in FIFA 19 on my computer when a message popped up on my phone. Taking half a glance, I could see that it was an OTP for a transaction. That was interesting, considering I had just spent the last hour helping Real Madrid win the league championship in my career mode in the game. With a tinge of concern, I deleted the message, dialed up my bank personnel, informed them about the incident and immediately changed my credentials, and that was that. Thankfully nothing wrong happened at the time and all was well and good.
This may seem like the sort of thing that happens once in a while; however, if you talk to people around you and look at news reports, you will find that this is not an isolated incident. Every day, hundreds of people across India and the world fall victim to OTP scams. A crude way to carry out the scam, as has been shown by a slew of advertisements, is social engineering, where the hackers trick you into giving up your credentials and OTP via a fake call, a fake message or something similar. Recently in Mumbai, a woman shared her OTP multiple times with a person who identified himself as a banker, which helped the perpetrator get nearly ₹7 lakhs. However, in the digital era their methods are much more sophisticated with the ease of technology. Having easy access to smartphones and the internet means that common people in general tend to be in a forest full of trenches. Every step can lead to a trench. Sometimes some of the apps people download happen to be mirror applications which take in their credentials. It's a far more sophisticated and scalable form of social engineering wherein the attackers don't really themselves while carrying out the process. Having got your credentials, these mirror apps generally ask for access to your messages, which people tend to grant, and hence we end up in deep trouble, as the apps can then read the OTP text from the messages and voila!
Now the question is: what can someone do to escape from this? Recognizing a mirror application is tough for tech-savvy people as it is, but it is almost impossible for people like our parents, who were not born in the digital age and cannot begin to comprehend what is happening or has happened. By and large what I have found is that antiviruses and other protective applications create more problems than solutions. The biggest safeguards that a person can exercise are "Awareness", "Vigilance" and "Caution". People need to be aware of what is going on around them. They need to be aware of the various techniques and methodologies that hackers and scammers are using to create problems for them. If required, they need to talk to the concerned people regarding these things. The next thing that they have to do is be vigilant and cautious. Downloading applications only from a reputed source can be a start. Also, people need to be educated to understand what is a download link and what is a fraudulent link. Disaster can be only a click away.
In addition to the above, people need to stop using apps which ask for unnecessary permissions. For example, why does your calculator app need to get access to your phone book? It's imperative that people see what the applications are asking for and then proceed. What data you choose to provide is mostly in your hands, and it is you who gives it away. Using your common sense is key. As a colleague of mine tends to say a lot, "In the age of AI it's imperative to use Human Intelligence once in a while", I guess.
However, all these precautions and everything can come from a place of sincerity and seriousness. Data Sovereignty is something that we haven't taken to heart just yet. There are notions in an alarmingly large chunk of the population that giving away their data means nothing. There is a wide-scale underestimation of the value of personal data. From underestimation comes frivolity, frivolity leads to carelessness, carelessness leads to hacks. That is why in this day and age it is time to get serious about data.
Have you had such incidents before? It can be at a personal or at a business level. Feel free to talk to me about data security, data privacy for personal and for business requirements, or cyber security in general. You can mail me at firstname.lastname@example.org. You can also follow me on my social media handles, where I talk about security, businesses, startups and a wide variety of other things.