Abstract
One-time password (OTP) bots are a form of crimeware-as-a-service that is being used to bypass two-factor authentication (2FA) on victim accounts. The bots are operated through Telegram and are sold at various price points in exchange for cryptocurrency. The bot operators facilitate a false phone call to victims, impersonating their financial institution, to obtain their OTP to commit an account takeover. Account takeovers facilitated by this type of social engineering are an enormous threat to financial institutions due to the inability to identify the attack without secondary corroboration. This paper illustrates the typical workflow of an OTP bot, avenues of institutional platform investigation and detection, as well as potential mitigation options to combat OTP bot attacks.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
