What cyber criminals work on – your trust or your fear
One-Time Passwords (OTPs) have become the backbone of digital security, used in everything from banking to social media. But as cybersecurity expert Jiten Jain, Director of Voyager Infosec, warns, OTPs have also become one of the most common tools exploited by scammers. Through clever manipulation, fake calls, and new-age WhatsApp tricks, fraudsters are increasingly finding ways to hoodwink users into revealing this sensitive code—often leading to instant financial loss or account takeover.
At the heart of this lies the simple working of an OTP. It is a special, one-time use code sent to your phone or email whenever you try to log in or make a secure payment. Much like a personal security guard, it verifies that you are really the one trying to access the account. This code is random, valid only for a few minutes, and becomes useless once it’s used. Because it adds a second layer of security, even someone who knows your password cannot enter your account without the OTP.
Scammers, however, are exploiting this trust. Jiten Jain explains that one of the most common tactics involves fake transaction requests. Fraudsters call victims claiming they accidentally transferred money to them and request a refund. In the process, they cleverly convince victims to share their OTP—sometimes masking it as a “verification step.” In reality, the OTP is used to add a new beneficiary or authorize a fraudulent transaction. Within seconds, money is transferred illicitly out of the account.
The danger isn’t limited to banking. OTP misuse is increasingly being used to hijack WhatsApp accounts. WhatsApp’s two-factor authentication (2FA) adds a second layer of protection through a 6-digit PIN that the users set themselves. This PIN ensures that even if someone gets your login OTP, they cannot take over your WhatsApp. But scammers have found new tricks. A rising trend involves WhatsApp audio verification scams, where a fraudster merges a call with the victim while simultaneously playing WhatsApp’s automated OTP voice message. The moment the OTP is read aloud, the scammer captures it and uses it to deactivate the victim’s WhatsApp and activate it on their own device—sometimes to run viral scams using the stolen account.
In our next article, we will go through some simple steps that you can use to keep your account and your money safe.