OTP Bombing A New Cyber Crime



OTP SMS Bombing: a new type of revenge cyber crime technique used by people who just get sadistic pleasure from it.

The victim's mobile phone starts receiving hundreds or thousands of SMS messages from different SMS gateways such as Flipkart, Ola, Uber, Zomato, Goibibo, Redbus etc. The messages can come from any SMS gateway behind a website that has a 'Forgot Password' option.

Earlier, culprits used to run a script containing the Forgot Password URLs of 6-7 websites. They just had to enter the mobile number of the target victim into the script, and the number was submitted to each website's Forgot Password option the maximum number of times the website allows (10 times in many cases). The victim thus gets 10 OTP messages from the gateway/company whose 'Forgot Password' link was used, because the culprit entered the victim's mobile number there several times.
Nowadays, black hat developers have developed free bombing apps (namely Bomb-It-Up) which do the same job automatically through a smart graphical user interface. The culprit just has to enter the victim's mobile number and the number of messages he wants to send, and click a single 'send' button.



These apps are not available directly on the Google Play Store or the iOS App Store, but their APK files are easily downloadable from websites that turn up when you search for them on Google.



Consequences
Sometimes people get thousands or lakhs of SMS in their inbox and their phone's memory starts filling up; the phone hangs to the extent that the messaging app doesn't even open. The victim is left with only the option of a hard reset of the mobile phone.

Legal Remedy: Section 43(e) read with Section 66 of the IT Act, 2000 along with Section 425 of the IPC is applicable. This attracts a maximum punishment of up to 3 years of imprisonment or a fine of up to ₹5 Lakhs, or both. Remember, this is a cognisable offence, so the police can arrest the culprit without a warrant.

Prevention:
The only prevention for this attack is to start blocking all the SMS gateways as soon as you come to know that your phone is under this attack. Generally there are 15-20 gateways at most; block each of these gateways once in your messaging app and you'll get no more messages from that gateway.
Know how to Block the SMS

Precaution: The next day you need to unblock the SMS gateways so that you start getting authentic OTP, PIN and SMS messages again.
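
The post notes that a website's 'Forgot Password' option accepts the same mobile number only a limited number of times (10 in many cases). As an added example, not part of the original post, the Python code below shows how a site operator could throttle OTP SMS per destination number and per client; the class and function names, the limits and the phone numbers are all assumptions constructed for illustration.

```python
import re
import time
from collections import defaultdict, deque

def normalize(number):
    """One key per subscriber; assumes 10-digit national numbers (India)."""
    return re.sub(r"\D", "", number)[-10:]

class OtpSendThrottle:
    """Gate for a 'Forgot Password' OTP SMS. All limits are assumed values."""
    def __init__(self, max_per_number=3, window_s=3600, base_cooldown_s=30,
                 max_numbers_per_client=5, clock=time.monotonic):
        self.max_per_number, self.window_s = max_per_number, window_s
        self.base_cooldown_s, self.clock = base_cooldown_s, clock
        self.max_numbers_per_client = max_numbers_per_client
        self.sent = defaultdict(deque)    # number -> times an SMS was sent
        self.targets = defaultdict(dict)  # client -> {number: last request}

    def allow(self, raw_number, client_id):
        """Return (allowed, reason); a send is recorded only when allowed."""
        now, number = self.clock(), normalize(raw_number)
        sent, targets = self.sent[number], self.targets[client_id]
        while sent and now - sent[0] >= self.window_s:
            sent.popleft()             # forget sends older than the window
        for old in [n for n, t in targets.items() if now - t >= self.window_s]:
            del targets[old]
        # One client asking for resets on many different numbers.
        if number not in targets and len(targets) >= self.max_numbers_per_client:
            return False, "client_fanout"
        targets[number] = now
        # Hard cap per destination number, whoever is asking.
        if len(sent) >= self.max_per_number:
            return False, "number_cap"
        # The wait before the next SMS doubles with each one already sent.
        if sent and now - sent[-1] < self.base_cooldown_s * 2 ** (len(sent) - 1):
            return False, "cooldown"
        sent.append(now)
        return True, "sent"

def simulate_burst(requests=10, gap_s=1.0):
    """Constructed burst against one number; returns how many SMS went out."""
    t, sent_count = [0.0], 0
    throttle = OtpSendThrottle(clock=lambda: t[0])
    # Constructed numbers: the same subscriber written three ways.
    formats = ["+91 90000 00001", "09000000001", "90000-00001"]
    for i in range(requests):
        ok, _ = throttle.allow(formats[i % 3], client_id=f"client-{i}")
        sent_count += ok
        t[0] += gap_s
    return sent_count
```

The state here lives in process memory; a site running several servers would keep the same counters in shared storage.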
Be Cyber Safe

Adv (Dr.) Prashant Mali
Cyber Security Expert
+919821763157

Comments

  1. Hi Sir, thank you so much for the information. Can you enlighten us if any campaign is in the wild with respect to this attack?

  2. Cyberops is India’s leading organization in the field of Information security.
    Advancement in technology and interconnected business ecosystems has combined to increase exposure to cyber attacks. We aim to digitally shield the cyberspace by offering various products and services. We are hovering to influence our proficiency and global footprint in the field of information security and cyber crime investigation.
    We foster certified trainings on Information Security and provide penetration testing for security audits, and Cyber Crime Investigation services for various sectors to meet their specific needs.
    Cyberops is the best company for VAPT & Penetration Testing in India.

    www.cyberops.in/

  3. Having less or no information about these types of fraud can lead to a big cybercrime. You are doing a heart-winning job by sharing such useful information that may help someone to get out of all these types of frauds.

  4. Thanks for this information, SMS Marketing is sending promotional campaigns or transactional messages for marketing purposes using text messages (SMS) How to send bulk sms

  5. How to find a culprit? Please let me know.

  6. Thanks for posting useful information. Your Blog helps to clarify a few terms for me as well as giving. Great article and interesting. PCI DSS Compliance Services | Novo Shield Data Loss Prevention
