OTP Bombing A New Cyber Crime

-


OTP SMS Bombing : A new type of revenge cyber crime technique  by people who just get sadist pleasure.

Victim‘s Mobile Phone will start getting hundred/thousands of SMS in his message box from different SMS gateways like Flipkart, Ola, Uber, Zomato, Goibibo, Redbus etc. It can be from any sms gateway via a website which has 'Forgot Password' option on it. 

Earlier, culprits use to run a script which had Forgot Password URLs of 6-7 websites in it and they had to just enter a mobile number of the target victim in the software script, the mobile number gets punched on that website forgot password option for the maximum times the website allows (10 times in many cases). So  now the victim gets 10 OTP messages from that gateway/company whoose 'Forgot Password' link was used and victims mobile number was punched by the culprit several times.
Now a days, Black Hat Developers had developed free bombing apps (namely : Bomb-It-Up) which do the same job automatically having a smart graphical user Interface . The culprit just had to enter the victim's mobile number, no. of messages he want to send and click on a single button 'send'.



These apps are not available directly  on google play store or on IOS App Store but their apk files are easily downloadable from websites when you search for it on google.



Consequences
Sometimes people gets thousand/lakh of SMS in their inbox and their memory start filling up, their mobile phone hangs at so much so to the extent that messaging app doesn't even open. This victim person is only left with the option of hard reset with the mobile phone.

Legal Remedy : Section 43(e) read with Section 66 of the IT Act,2000 along with Section 425 of IPC is applicable. This attracts maximum punishment upto 3 years of imprisonment or upto ₹5 Lakhs of fine or both. Remember this is a cognisable offence, so police can arrest the culprit without warrant.

Prevention :
The only prevention to this attack is that 'as soon as you came to know about this attack on your phone, start blocking all the SMS gateways' Generally there are 15-20 gateways at max, block all these gateways once in your messaging app. You'll get no more messages from that gateway.
Know how to Block the SMS

Precaution: Next day  you need to UnBlock the SMS Gateways so you start getting Authentic OTP, PIN ans SMS.
Be Cyber Safe

Adv (Dr.) Prashant Mali
Cyber Security Expert
+919821763157

Comments

  1. SravanDecember 5, 2019 at 6:43 AM

    Hi Sir, Thank you so much for the information. Can you enlighten us if any campaign is in wild with respect to this attack.

    ReplyDelete
  2. CyberopsDecember 10, 2019 at 2:28 AM

    Cyberops is India’s leading organization in the field of Information security.
    Advancement in technology and interconnected business ecosystems has combined to increase exposure to cyber attacks. We aim to digitally shield the cyberspace by offering various products and services. We are hovering to influence our proficiency and global footprint in the field of information security and cyber crime investigation.
    We foster certified trainings on Information Security and provide penetration testing for security audits, and Cyber Crime Investigation services for various sectors to meet their specific needs.
    Cyberops is the best company for VAPT & Penetration Testing in India.

    www.cyberops.in/

    ReplyDelete
  3. Vihaan AgarwalFebruary 5, 2020 at 9:37 PM

    Having less or no information about these types of fraud can lead to a big cybercrime. You are doing a heart-winning job by sharing such useful information that may help someone to get out of all these types of frauds.

    ReplyDelete
  4. SmithApril 14, 2020 at 4:27 AM

    Thanks for this information, SMS Marketing is sending promotional campaigns or transactional messages for marketing purposes using text messages (SMS) How to send bulk sms

    ReplyDelete
  5. RaceJune 28, 2020 at 9:41 AM

    How to find an culprit. Plz let me know.

    ReplyDelete
  6. UnknownOctober 16, 2020 at 11:11 PM

    9947581099

    ReplyDelete
  7. Cyber AcademyOctober 30, 2020 at 3:31 PM

    test

    ReplyDelete
  8. Cyber AcademyOctober 30, 2020 at 3:36 PM

    it is very useful article for cyber security. and we provide cyber security courses and get more information to visit my website:https://www.cyberradaracademy.com/courses/online-cyber-security-training-courses-security-information-classes.html

    ReplyDelete
  9. Cyber Radar SystemsDecember 2, 2020 at 3:57 AM

    Thanks for posting useful information. Your Blog helps to clarify a few terms for me as well as giving. Great article and interestingPCI DSS Compliance Services | Novo Shield Data Loss Prevention

    ReplyDelete
  10. larryDecember 9, 2020 at 10:24 PM

    Great post.
    https://www.mojomarketplace.com/user/NormanSmith-J8sYNiBfhq

    ReplyDelete
  11. StiveJanuary 21, 2021 at 10:00 PM

    Great post.
    https://juegos.elcomercio.es/profile/57788/alexh.html

    ReplyDelete

Post a Comment

Popular posts from this blog

What to do when police does not take your FIR?

-
Image
What to do when FIR is not taken by the Police ? A First Information Report is the first legal document that initiates criminal proceedings. The first information received about the commission of a cognizable offense has to be noted down by a Police Officer. It is called as  First Information Report under Section 154 of CRPC. Cognizable and Non-Cognizable Offences: Cognizable offences  are offences where the police can arrest the accused without any warrant. In such offences, the police can Suo-moto take cognizance of the offence and it does not require any sanction from the court in order to begin the investigation. On the other hand,  Non-Cognizable  offences are those in which police cannot make an arrest without taking prior assent from the court. Schedule I of the Criminal Procedure Code clearly distinguishes which offenses are cognizable and which are not. According to section 154(1) of the Criminal Procedural Code,  an FIR can be filed only in cognizable offenses.  Schedule 1 of
Read more

Consumer Dispute resolution under the Telecom Act 2023

-
Image
The Telecommunications Act of 2023 has strengthened the dispute resolution framework by introducing an online grievance redressal system. The aim is to expedite the resolution of conflicts between telecommunications companies and consumers while ensuring transparency in the redressal process. Following an inquiry, a telecom company found violating license or service terms may incur severe penalties, spectrum holdings cancellation, service restrictions, or even be prohibited from providing telecom services, depending on the seriousness of the breach.  How does the online grievance redressal system operate, and who plays key roles?   An Adjudicating Officer (AO), appointed by the Centre and not below the rank of joint secretary, will conduct inquiries to resolve disputes between telecom service providers and consumers. Additionally, a separate Designated Appeals Committee (DAC) will be formed, consisting of officers at the rank of additional secretaries. Individuals dissatisfied with an
Read more

When can Police Arrest you in Cyber crime: Explanation with Case Laws

-
Image
Arrest by Police in cyber crime cases By Adv (Dr.) Prashant Mali Cyber crime is a reality but personal liberty is a fundamental human right and a cornerstone of the social structure.  Arrest brings humiliation, curtails freedom and cast scars forever. Its deprivation is a matter of grave concern.  The law of arrest is one of balancing individual rights, liberties and privileges,on the one hand, and individual duties, obligations and responsibilities on the other. The police officer can , without an order/warrant from a Magistrate, arrest a person in respect of a cognizable offence punishable with imprisonment exceeding 7 years without mentioning any ' special reasons '. The problem arises when it comes to arrest of a person who is accused of an offence which is punishable up to 7 years. The Hon’ble Apex Court in Arnesh Kumar v. State of Bihar, (2014) 8 SCC 273 held; Our endeavour in this judgment is to ensure that the police officers do not arrest the accused unnecessarily and
Read more