Cyber security often means taking advantage of all of the cyber tools available to you to keep your accounts safe. Choosing a unique password for your sensitive personal and financial accounts, avoiding oversharing of personal information on social media sites, enabling strict privacy settings and enabling multi-factor authentication (MFA) for your online accounts when available are all ideal steps to take to stay cyber safe.
While cyber criminals are always looking for ways to trick you into revealing information they can use to access your accounts, we have a few simple tips to avoid getting tricked by “one time passcode” scams that you may encounter while attempting to access your accounts securely.
How One Time Passcode (OTP) scams work
Many websites now require that you provide a password and a numeric code called an OTP or “one time passcode” that you can ask to have sent to you by text message or by email. This is an example of an MFA method that increases security since if your password gets stolen, fraudsters still can’t access your account on the site without the time-sensitive passcode.
But fraudsters are now getting around that requirement by calling you and pretending to be a legitimate organization such as the post office, bank or other trusted organization, and asking for the OTP that was just delivered to your phone by text or email. Sometimes fraudsters will even pose as bank investigators who are calling about a suspected fraudulent transaction.
Simple tips to avoid the scam
- Never share an OTP with anyone who calls you, texts you or emails you asking for the code. The OTP sent to you is personal and unique to you.
- Remember that your bank or any other reputable company will never ask you to share an OTP with them over the phone, by text or by email.
If you think you’ve been scammed
Banks take extensive steps to protect your personal information entrusted to them and to help you protect it as well. If you think you’ve been the victim of a OTP scam and provided your financial information to a fraudster, contact your bank immediately.
The Canadian Bankers Association publishes a regular Fraud Prevention Tip email newsletter. Sign up to learn about the latest frauds and scams.