A recent discovery saw AI bots now in place to steal a person's login credentials by only placing weird calls to their targets. Now, they know a way to target those with two-factor authentication enabled.
The bad actors behind these attacks do the prep work before the AI calls, stealing victims' credentials before the call is made, with the bots swooping in to steal the one-time password (OTP).
AI Bots Steal Login Credentials OTPs via Phone Calls
Not everyone you see or hear is legitimate with their intentions, and this also applies to phone calls where it has been reported by The Sun that there are growing attacks with AI bots deployed to steal login credentials like OTPs.
(Photo : Hassan Ouajbir on Unsplash )
It was discovered that bad actors are now engaging in a scam by subscribing to crypto, which costs them $420 a week. They are given AI bots to do the calling for them. First, the fraud artists obtain a person's login credentials, including usernames, emails, and passwords.
Next, these bad actors would turn on a spoofing technology that would call victims where they would be asked to key in their OTPs during the call and would automatically send it over to the threat actor's Telegram bot, as reported by Kaspersky.
Read Also: Trend Micro, Nvidia Join Forces to Create AI-Powered Cybersecurity Tools
How to Protect Account Against Credentials Theft
The best way to protect against account and credentials theft, including OTPs, is to be wary of unusual events, especially when you are sent a login code despite not logging in to any of your accounts.
In this instance, bots posing as businesses or services that ask for these codes would call them after receiving an OTP. Never give your OTP via calls, messages, chats, or emails.
Also, do not authenticate logins that pop up as notifications for some apps.
Using AI for Elaborate Attacks, Hacks
A British spy agency previously warned all users that cyberattacks may increase because AI's massive presence in the industry today is being used for all the wrong reasons.
Apart from being used to execute attacks or help write codes meant to launch attacks, AI may also be used for other forms of hacks by threat actors. Recently, different phishing or scams were launched that use AI and automated systems to deceive their victims. One attack duped an employee from Arup into sending HK$200 million to criminals by pretending to be executives.
Scams, deepfakes, and using AI to execute codes are growing in the cybersecurity world, and many are falling victim to these manipulations using powerful technology. By using deepfake scams and convincing victims, a person may send over their OTPs via calls , which, in turn, would be used by bad actors to gain full access to their accounts, a hack that could be avoided with awareness and vigilance.
Related Article: AI Scams Target Google Search to Deceive Users-Run From Deceptive Ads
