top of page
griffin jd.jpg

PROJECT: THE RISE OF OTP SCAMS THROUGH THE GOOGLE MESSAGING APP

YOU MAY SHARE THIS PUBLIC DOCUMENT

 

Most banking scams occur when a suspect uses a person’s SIM card to obtain an OTP

through which they can log into the banking app.  

Scammers no longer have to perform a SIM swap or have access to your SIM card.

 Virtually all Android phones have the Google messaging app. This app syncs all messages to the cloud,

which means anyone who can hack into your Gmail account can receive the OTP through the Google messaging app.


In the digital age, using One-Time Passwords (OTPs) have become a widespread method of

enhancing security for online transactions and account verifications.


Despite their intended purpose of providing an additional layer of security, OTPs have become a new opportunity for scammers who exploit vulnerabilities in the system.

Scammers manipulate users to gain access to OTPs through the Google Messaging app.

They use various methods, the most prevalent is phishing and social engineering.

 

PHISHING ATTACKS:


  • One of the most common methods scammers use to obtain OTPs is phishing.

  • Phishing involves tricking the victim into providing sensitive information by posing as a legitimate entity.

  • Scammers may send a deceptive message through the Google Messaging app, masquerading as a trusted organisation such as a bank, an e-commerce platform, or even Google itself.

  • These messages often contain urgent requests or alarming notifications that prompt the victim to act quickly without scrutinising the authenticity of the message.

  • A phishing attack is driven by highly successful social engineering.

  • For instance, a scammer may send a message claiming that there has been suspicious activity on the victim’s account, and they need to verify the account holder's identity by having the account holder provide the OTP sent to their phone.

  • In a state of panic, the victim may comply, unwittingly giving the scammer access to their account. 

  • The scammer may carry out a similar attack via email.

  • Once they gain access to your Gmail account, they are able to change passwords and take control of all your Google applications, including Google Messenger.

 

PREVENTATIVE MEASURES: 


  • Be aware of tactics used by scammers – knowledge is power.

  • These scams and the modus operandi of criminals is regularly placed on Mike Bolhuis’ website and Facebook Page.

 

USE OF TWO-FACTOR AUTHENTICATION (2FA) APPS:


  • Instead of relying on SMS-based OTPs, users can opt for two-factor authentication (2FA) apps such as Microsoft Authenticator or Authy.

  • These apps generate OTPs within the app, making it more difficult for scammers to intercept them.

  • Even if a scammer gains access to the user’s phone number, they will still need physical access to the 2FA app to obtain the OTP.

 

REGULAR MONITORING OF ACCOUNTS:


  • Users should regularly monitor their accounts for unusual activity.

  • Promptly detecting and reporting unauthorised access will minimise damage caused by scammers.

  • Setting up account alerts and notifications will help users stay informed about suspicious activity.

 

While OTPs provide an additional layer of security for online transactions and account verifications, scammers have developed methods to exploit this system.


Phishing attacks, social engineering, and SIM swapping are some used to deceive victims 

into providing OTPs through the Google Messaging app. 


  • By staying informed,

  • verifying requests,

  • using 2FA apps,

  • and regularly monitoring accounts, users can protect themselves against these

fraudulent activities and ensure their online security.

 

Specialised Security Services invites the public to the Mike Bolhuis Daily Projects WhatsApp Group.

This group is important in delivering insights into the latest crime trends, awareness, warnings and the exposure of criminals.


HOW TO JOIN THE MIKE BOLHUIS DAILY PROJECTS WHATSAPP GROUP:

 
CONTACT MR MIKE BOLHUIS FOR SAFETY AND SECURITY MEASURES, PROTECTION, OR AN INVESTIGATION IF NEEDED.

ALL INFORMATION RECEIVED WILL BE TREATED IN THE STRICTEST CONFIDENTIALITY AND EVERY IDENTITY WILL BE PROTECTED.
 

Regards,

Mike Bolhuis

Specialist Investigators into

Serious Violent, Serious Economic Crimes & Serious Cybercrimes

PSIRA Reg. 1590364/421949

Mobile: +27 82 447 6116

Fax: 086 585 4924

Follow us on Facebook to view our projects -


EXTREMELY IMPORTANT: All potential clients need to be aware that owing to the nature of our work as specialist investigators there are people who have been caught on the wrong side of the law - who are trying to discredit me - Mike Bolhuis and my organisation Specialised Security Services - to get themselves off the hook. This retaliation happens on social media and creates doubt about our integrity and ability. Doubt created on social media platforms is both unwarranted and untrue. We strongly recommend that you make up your minds concerning me and our organisation only after considering all the factual information - to the exclusion of hearsay and assumptions. Furthermore, you are welcome to address your concerns directly with me should you still be unsatisfied with your conclusions. While the internet provides a lot of valuable information, it is also a platform that distributes a lot of false information. The distribution of false information, fake news, slander and hate speech constitutes a crime that can be prosecuted by law. Your own research discretion and discernment are imperative when choosing what and what not to believe.


STANDARD RULES APPLY: Upon appointment, we require a formal mandate with detailed instructions. Please take note that should you not make use of our services – you may not under any circumstance use my name or the name of my organisation as a means to achieve whatever end.


POPI ACT 4 of 2013 South Africa: Mike Bolhuis' "Specialised Security Services" falls under Section 6 of the act. Read more here: https://mikebh.link/fntdpv

 
SSS TASK TEAM:
 
 

Copyright © 2015- PRESENT | Mike Bolhuis Specialised Security Services | All rights reserved.


Our mailing address is:

Mike Bolhuis Specialised Security Services

PO Box 15075 Lynn East

Pretoria, Gauteng 0039

South Africa

Add us to your address book


THIS PUBLIC DOCUMENT WAS INTENDED TO BE SHARED, PLEASE DO SO.

233 views0 comments

Comments


bottom of page