Multiple iPhone users have recently fallen victim to fraudulent hacking schemes.
Hackers can use bots to breach Coinbase, Amazon, PayPal, and bank accounts convincingly and easily.
Below is one example of how this hacking happens.
Example Of The iPhone Scam Call
In this scenario, the call appears to come from PayPal's fraud detection system. According to the automated voice on the line, someone tried to use your PayPal account to spend a certain amount.
To stop the transfer, the system requires the user to verify their identity.
The PayPal agent would say, "In order to secure your account, please enter the code we have sent your mobile device now," and then PayPal will send the user a code by text message to protect their account.
After the user enters a series of six digits, the speaker would say: "Thank you, your account has been secured and this request has been blocked. Don't worry if any payment has been charged to your account: we will refund it within 24 to 48 hours. Your reference ID is 1549926. You may now hang up."
While this call may seem legitimate, it came from a hacker.
How Does The Cybercrime Happen?
According to Vice, scammers use a type of bot that makes it much easier to fool victims into handing over their multi-factor authentication codes or one-time passwords (OTPs) for a variety of services, allowing the scammers to log in or authorize financial transactions.
Various bots target Apple Pay, PayPal, Amazon, Coinbase, and a variety of other financial institutions.
Previously, convincing victims to hand over a login or verification code required the hacker to speak directly with the victim, such as by pretending to be the victim's bank over the phone.
However, these increasingly traded bots dramatically lower the barrier to entry for bypassing multi-factor authentication.
Motherboard asked Kaneki, an online seller of these bots, to demonstrate the bot's capabilities by placing an automated call to a Motherboard reporter's phone.
Kaneki then demonstrated that their bot had received a code identical to the reporter's.
Preventative Measure
With these bots, which cost a few hundred dollars, attackers can start getting around the multi-factor authentication that protects iPhone users' accounts, a security precaution that many members of the public may assume is largely secure.
The advent of these bots and their growing popularity raise the question of whether online services should provide more phishing-resistant authentication methods to protect users.
A hacker will need the victim's username or email address, as well as their password, to gain access to the account. They could have obtained these from a prior data breach containing credentials that many people reuse across the internet.
Alternatively, they might buy a set of "bank logs" (login credentials) from a spammer, according to OPTGOD777, another person who is apparently offering these bots for sale.
However, the victim may have enabled multi-factor authentication, which is where the bots enter the picture.
The hacker submits their target's phone number and the platform they want to breach to the bot on Telegram or Discord. The bot then places an automated call to the target in the background.
The bots, according to Kaneki, use services similar to Twilio, a communications firm for businesses that allows users to send messages and make phone calls, though not all of the bots use Twilio.
How to Keep Yourself Safe
To avoid becoming a victim of a scam like this, stay vigilant and never give out personal information carelessly.
Keep your authentication codes to yourself at all times.
If you're concerned about an automated message, hang up and call the company's official hotline or email its official customer service, according to the Sun.