Hackers are stealing two-factor authentication codes by using voice bots that sound authentic. Hackers target users on platforms such as Amazon or PayPal by stealing the temporary passwords users receive on their phones. They use customisable bots to ask users of 2FA or OTP codes to log in to their accounts
If you’re not getting any OTP or SMS on your smartphone while carrying out money transactions, you might have become a victim of hackers. In the latest update, hackers are now using a new trick to steal your personal data even on apps like WhatsApp and no one will know. This is a brand new way of stealing banking details through OTP via SMS and it is called ‘SMS redirect.’ This hacking feature should really worry users.
Through SMS redirect, hackers can easily redirect all the messages, OTP and SMS to their phones from your smartphones. Even, hackers can easily get access to all your banking details. They are all doing it in just $16 dollars (roughly Rs 1,200) via SMS redirect service. It shows how careless some companies are because, they usually don’t take customers permission on SMS redirect services.
These hackers are making use of security flaws to redirect important text messages, including those containing OTP or login links for services such as WhatsApp. They can redirect the SMS supposed to arrive on your smartphone and intercept data and carry out the attack in such a way that the victim would not even know that he has been targeted. Your WhatsApp details will be leaked. However, this type of hacking that targets OT, SMS and Whatsapp account, has been happening in the US so far, but its reach as such is limited to just that country.
Hackers are using text-messaging management services, meant for businesses, to redirect SMSes meant for victim to their systems. The negligence of telecom companies in countries like US is responsible for such attacks.
As per a report in Motherboard, a reporter Joseph Cox became the victim of such attack on his personal number. The hackers were able to redirect Cox’s text messages, and his WhatsApp, Bumble, and Postmates accounts were compromised. The hacker managed to log in and take screenshots of content of his accounts. Fortunately, the attack was carried out by a pseudonymous hacker Lucky225 with Cox’s permission to highlight the flaw.
Unlike other hacking activities like SIM swapping and SS7 attacks, which also involve SMS and cellular systems, the victim won’t immediately know if his or her text messages are being redirected. It is easy to assume that there is an issue with the network or service provider when OTP SMSes are not received. In SIM swapping and SS7 attacks, the victim gets to know within a few moments that the phone has been hacked as the phone loses cellular network completely.
The service to redirect SMS can be availed by just paying $16 in US. The service is meant for businesses, but is being misused by hackers. In most cases, the service providers don’t even seek permission of the user to redirect the text messages, or just inform the owner that the texts have been forwarded.
The hackers can easily reset the password of some your accounts using these services and you might never be able to use that account again. So next time if you don’t receive your OTP, try to find out the reason behind it.