IT expert points out fraudulent schemes to bypass two-factor authentication

IT expert Bederov: fraudsters have started bypassing two-factor authentication
Photo: Izvestia/Mitriy Korotayev
Fraudsters bypass two-factor authentication using a bot that steals one-time passwords (OTP, one-time password). This was reported on January 15 by Igor Bederov, Director of the Investigations Department of T.Hunter and an expert of the SafeNet STI market.

According to him, two-factor authentication is used by three quarters of Internet users, but it does not guarantee complete security.

"To bypass two-factor protection, attackers have begun to use OTP-bots that imitate the process of entering a one-time password," the expert shared in a conversation with RIA Novosti.

He noted that this method is three times more effective than conventional phishing: the success rate of stealing accounts with the help of OTP-bots reaches 60%. With such a bot, the fraudster gets access to all of the victim's notifications in real time.

Bederov added that the attacker can persuade the victim, during a call, to report a one-time code to the bot themselves. He also pointed out that fraudsters can create a fake bank login page promoted through fake emails. In this way, the bot steals the credentials the user enters to log into the bank and passes them to the cybercriminal.

To protect themselves from such schemes, the specialist urged Russians to use additional verification via an authenticator app or a hardware token. He also recommended monitoring account logins and changing passwords after any suspicious authorization attempt.

Earlier in the day, Oleg Sedov, Director of Cyber Security for the Public, Solar Group of Companies, shared with Izvestia the rules of cyber hygiene that should be observed to protect against hacking and fraud on the Web. The expert recommended using complex passwords, enabling two-factor authentication, activating 2FA on all available accounts, and monitoring and regularly checking your profiles, including banking applications.
