 OTP bots and crypto: A tactic to disruptKristen Spaeth
Cyber Security: A Peer-Reviewed Journal, 2023, vol. 6, issue 3, 275-284 Abstract: One-time password (OTP) bots are a form of crimeware-as-a-service that is being used to bypass two-factor authentication (2FA) on victim accounts. The bots are operated through Telegram and are sold at various price points in exchange for cryptocurrency. The bot operators facilitate a false phone call to victims, impersonating their financial institution, to obtain their OTP to commit an account takeover. Account takeovers facilitated by this type of social engineering are an enormous threat to financial institutions due to the inability to identify the attack without secondary corroboration. This paper illustrates the typical workflow of an OTP bot, avenues of institutional platform investigation and detection, as well as potential mitigation options to combat OTP bot attacks. Keywords: otp bots; 2FA; fraud; account takeovers; cryptocurrency (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2023:v:6:i:3:p:275-284 Access Statistics for this article More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.