JAKARTA - Global cybersecurity company Kaspersky has revealed a new phishing method capable of breaking through the defenses of two-factor authentication (2FA).
Using an OTP bot, fraudsters intercept one-time passwords (OTPs) through social engineering techniques. Usually, attackers first try to obtain the user's login credentials through phishing or data leaks.
Then they log in to the account, which causes an OTP to be sent to the user's cellphone. From there, the OTP bot calls the user, pretends to be a representative of a trusted organization, and persuades the victim to share the OTP.
Finally, once the attacker receives the OTP via the bot, they use it to gain access to the victim's account.
Although 2FA is an important security measure, it is not always enough on its own. To protect yourself from this advanced scam, Kaspersky recommends:
Avoid opening links you receive in suspicious email messages. If you need to log in to your account, type the address manually or use a bookmark.
Make sure the website address is correct and contains no typos before you enter your credentials there. Use Whois to check the website: if it was registered only recently, it is most likely a fraudulent site.
Don't say or enter a one-time code while you're on a call, no matter how convincing the caller sounds. Real banks and other companies never use this method to verify their clients' identity.
To protect companies from various threats, use reliable security solutions that provide real-time protection, threat visibility, and the investigation and response capabilities of EDR and XDR for organizations of any size and industry.
Invest in additional cybersecurity training so that your staff always have the latest information. You can choose the most suitable format, whether self-paced online courses or in-person training led by experts.
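The Whois check recommended above can be automated. The following is an added example, not part of the original article or of Kaspersky's guidance: it reads the registration date out of WHOIS reply text and flags recently registered domains. The sample replies, the `.example` domain names, and the 30-day threshold are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Registries label the registration date differently; these are common labels.
CREATION_FIELD = re.compile(
    r"^\s*(?:Creation Date|Created|Registered on)\s*:\s*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")

# Constructed WHOIS replies for illustration (not real lookups).
SAMPLE_NEW = "Domain Name: SECURE-LOGIN.EXAMPLE\nCreation Date: 2024-05-28T10:15:32Z\n"
SAMPLE_OLD = "Domain name:\n    bank.example\n    Registered on: 10-Dec-1996\n"
SAMPLE_REDACTED = "Domain Name: SHOP.EXAMPLE\nRegistrar: Example Registrar\n"


def creation_date(whois_text):
    """Return the registration date from a WHOIS reply, or None if absent."""
    match = CREATION_FIELD.search(whois_text)
    if not match:
        return None
    # Keep at most YYYY-MM-DDTHH:MM:SS; fractions and zone suffixes are dropped
    # and the time is treated as UTC, which is precise enough for a day count.
    raw = match.group(1)[:19]
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(raw, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def domain_age_days(whois_text, now):
    created = creation_date(whois_text)
    return None if created is None else (now - created).days


def assess(whois_text, now, min_age_days=30):
    """Return 'recent', 'established', or 'unknown' (no parsable date)."""
    age = domain_age_days(whois_text, now)
    if age is None:
        return "unknown"  # missing date: unverified, not evidence of safety
    return "recent" if age < min_age_days else "established"


if __name__ == "__main__":
    now = datetime(2024, 6, 10, tzinfo=timezone.utc)  # fixed date for the demo
    for reply in (SAMPLE_NEW, SAMPLE_OLD, SAMPLE_REDACTED):
        print(assess(reply, now), domain_age_days(reply, now))
```

A result of "unknown" means the reply carried no parsable registration date, so the domain stays unverified and the other checks in the list still apply.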