One-time passwords are an important security feature in our digital age as they add an extra layer of protection for online transactions and account logins. But, unfortunately, scammers often try to hijack these codes so they can steal sensitive info, money or both.
One-time password (OTP) scams are one of the newest scams around, but they use some old tactics. Here’s what to know about one-time password scams – and how to avoid them!
What is a one-time password scam?
These scams seek to trick individuals into sharing their OTPs, which are then used by scammers to gain unauthorized access to accounts. Here are the various ways the scammers try to steal your OTP:
- Phishing scams. Cybercriminals send fake emails or text messages appearing to be from legitimate sources, such as credit unions or banks, online retailers or social media platforms. These messages often contain urgent requests to verify your account or resolve an issue, prompting you to enter your OTP on a fraudulent website.
- Vishing (voice phishing). In this scam, scammers call victims and pretend to be from a reputable organization. They may claim there is suspicious activity on your account and request your OTP to secure it, all the while exploiting your trust and sudden sense of urgency.
- Man-in-the-middle attacks. In this method, attackers intercept communications between you and a legitimate service provider. When you request an OTP, the attacker captures it and uses it to gain access to your account.
Whichever method is used, the scammer will then use your OTP to access your accounts and possibly to steal your identity.
Red flags
Avoid falling victim to a one-time password scam by watching out for these red flags:
- Unexpected requests. Be cautious of unsolicited messages or calls asking for your OTP. Legitimate organizations typically won’t ask for your OTP unless you’re actively engaged in a transaction or login process.
- Urgency and threats. Scammers often create a false sense of urgency, claiming that immediate action is required to prevent something bad from happening, like an account suspension or fraud.
- Unusual sender information. Check the sender’s email address or phone number carefully. Scammers often use addresses or numbers that are slightly altered versions of legitimate ones.
- Suspicious links. Before clicking, hover over links in emails or messages to see and verify the actual URL address.
- Generic greetings and language. Scammers often use generic greetings like “Dear Customer” in their mass emails, which also tend to have spelling or grammatical errors.
Protect yourself
Staying safe from OTP scams requires vigilance and adopting best practices for online security. Here are some steps you can take:
- Never share your OTP.
- If you get a request for your OTP, verify legitimacy by directly contacting the organization.
- Use multi-factor authentication whenever possible.
- Be wary of links in unsolicited emails or text messages.
- Install security software.
If you’ve been targeted
If you think you’ve been scammed or shared your OTP, take quick action.
First, change the passwords on all affected accounts and those that have similar login credentials.
Next, inform the host organization of the account that it’s been compromised. They can help secure your account and guide you on additional steps. Monitor your accounts in the ensuing weeks and months, looking out for any unauthorized activity.
Finally, file a report with your local consumer protection agency, the FTC and the Internet Crime Complaint Center.
You may also want to consider identity theft protection if sensitive information was compromised.
Arizona Financial members have access to identity protection services that offer credit monitoring, fraud reimbursement and comprehensive identity theft resources. To learn more visit ArizonaFinancial.org/IDProtect.