One Time Password (OTP) bots, according to research from cybersecurity firm Intel471, are “remarkably easy to employ” and “quite inexpensive to operate” in comparison to the amount of money that scammers can make from a successful assault.
Hackers may gain access to a Telegram bot called ‘BloodOTPbot’ for a monthly cost of $300. Fraudsters can also spend an extra $20 to $100 on more phishing tools that target individual Instagram, Facebook, Twitter accounts, banking services like Paypal and Venmo, and cryptocurrency platforms like Coinbase.
OTP bots are particularly nasty since they are usually the last stage in the hacking process after all vital personal information about the target has been acquired, often known as “the fullz” in hacker jargon. Hackers utilize the OTP bot to imitate an official phone call while requesting the user’s crypto platform for the 2FA code. Hackers obtain fast and complete access to the victim’s account after the often agitated user divulges the code.
Scammers deploy fear and feed on it
Dr. Anders Apgar, a Coinbase user, is the latest victim of this attack, as per the reports by CNBC. He claimed that his account was hijacked during a robocall and had a coin balance of more than $100,000.
The couple stated that their nightmare started when they received a text message. “When she picks it up, a banner came across a notification that says, ‘Your account’s in jeopardy,’” he said.
Dr. Agpar’s two-factor authentication (2FA) code was revealed over the phone, and he was locked out of his own Coinbase account, which housed around $106,000 in Bitcoin (BTC).
OTP bot assaults are becoming more common, generating significant losses to both institutions and regular retail investors. The bots have a very high success rate when it comes to extracting revenue.
“Coinbase would never conduct unsolicited calls to its users,” a Coinbase spokeswoman told CNBC. “We advise everyone to be cautious when providing information over the phone.” Do not give out any account information or security codes if you receive a call from someone pretending to be from a financial institution. Instead, hang up and call them at the organization’s official phone number posted on their website.”