Are you sharing OTP for fraud in the name of Covid-19 vaccine certificate?

Prevention tips:

• Never share OTPs with anyone unexpectedly
• Avoid clicking on links from unknown sources
• Be cautious of accepting Facebook friend requests
• Do not store sensitive personal information on social media
• If blackmailed, do not pay demands, report to police
• If hacked, don't create new account

It was a typical Tuesday morning in Dhaka when a pediatric cardiologist received an unexpected call. The caller introduced themselves as a doctor from Dhaka Medical College Hospital and said they were working on issuing certificates for the fourth Covid-19 vaccine dose.

They asked the cardiologist for an OTP (One-Time Password) that would be sent to his phone. Trusting the caller, the cardiologist shared the OTP.  

Afterwards, the cardiologist could no longer access his Facebook account. Meanwhile, hackers had gained control of it.

Two hours later, the cardiologist began receiving calls from his relatives. They informed him that they had received messages from his Facebook Messenger, asking for money. A reporter from The Business Standard, who was on the cardiologist's friend list, also received a message asking to send Tk10,000 via bKash to a specific number.

The cardiologist later told TBS that the fraudsters had used the OTP to hack his Facebook account. They had asked many people on his friend list for money. The cardiologist has since filed a complaint with 999.

In this way, high-profile individuals have become targets of cybercriminal gangs. Even those with experience in handling cybercrime have fallen victim to these networks.

Criminal Investigation Department (CID) Cyber Police Center Special Police Superintendent SM Ashraful Alam told TBS that they have recently received several complaints, with most victims being prominent figures.

According to CID sources, over the past two months, many people have lost access to their Facebook and WhatsApp accounts after sharing OTPs as instructed by fraudsters. The list of victims includes government officials, doctors, engineers, and businesspeople.

In the past month alone, at least 6-8 officials in key government positions have been scammed. They have reached out to the Cyber Police Center for help.

Reaz Aziz (not his real name), an officer from the 25th BCS batch, works at a ministry. Recently, he received a call from a number asking if he had received the fourth Covid-19 vaccine dose. When he said no, the caller told him he could register and take the vaccine at a more convenient time. After agreeing, Reaz was asked to provide an OTP.

Once he shared the OTP, he realised he had lost access to his messaging apps, Messenger and WhatsApp.

Soon after, a relative called him and asked if everything was okay, wondering if Tk10,000 would be enough or if more was needed.

Reaz said, "I was confused about what to say. After a while, I realised that I no longer had control over my Facebook and WhatsApp accounts."

CID officials say the fraudsters first take control of Facebook and WhatsApp accounts, then download private photos or conversations as screenshots. They use these materials to blackmail the victim, threatening to spread them. They also ask for money from the victim's relatives under various pretences.

Of the six victims, two have suffered financial losses. However, their WhatsApp and Facebook accounts have been recovered. The cybercriminals involved, though, have not been identified or arrested.

CID officials note that the fraudsters are using very strategic methoxads. They are using SIM cards registered under fake identities or other people's names and have illegally exploited mobile banking services.

Special Police Superintendent SM Ashraful Alam of the Cyber Police Center said that awareness is key to preventing these crimes. He advised, "Never share an OTP with anyone unexpectedly. Don't store personal photos and videos on social media, and avoid clicking on links from unknown sources."

He added, "It's also better not to accept a Facebook friend request from someone you haven't verified. If you fall victim to blackmail, remember that paying money won't stop the threats. Stay strong and report the issue to the police. If your WhatsApp is hacked, don't create a new account to recover it."