Sinister AI bot steals your log-ins with eerie phone call – simple list of rules saves you from becoming instant victim

AI BOTS are stealing victims’ log-ins by tricking them with fake information and spoofing banks.

But there are simple ways you can protect yourself from these evil scammers.

1

Two-factor authentication (2FA) which provide one-time passwords are usually regarded as a safe way to protect against phishing and theft.

But, they are "not a magic bullet," warned anti-virus experts .

"Even with 2FA, personal accounts remain vulnerable to one-time password bots," it added.

"Sites usually send a verification code in the form of a text, email, push notification, instant message, or even a voice call.

"The code can be generated in a special app directly on the user’s device, although, sadly, few people bother to install and configure an authenticator app."

ONE-TIME PASSWORD BOTS

These AI bots pretend to be legitimate organizations including banks to make their victim reveal a one-time password (OTP).

Firstly, they steal the victim’s login credentials — including a password.

The AI bot then calls the unsuspecting victim to get their OTP.

Most read in Tech

DOUBLE LOSS

Second Bee Gees star dies just days before fellow drummer as tributes pour in

GOODBYE, LIAM

Tragic Liam's coffin at funeral as mourners led by 1D bandmates arrive

MAUR DRAMA

Maura Higgins admits 'I'm not well' & reveals she's SINGLE as she lands in Oz

TV LEGEND GONE

Peaky Blinders icon dies aged 60 as Cillian Murphy pays tribute

The crafty way this is achieved is with a pre-recorded social engineering script.

"The unsuspecting victim keys in the code right there on their phone during the call; the code is relayed to the attacker’s Telegram bot [and] the scammer gains access to the victim’s account," said Kaspersky.

HOW AI BOTS START

Fraudsters launch their AI bot scams by initially buying a subscription in crypto which costs about $420 a week.

The bots are given the intended victim’s name, number, and banking details.

In a scary twist, the scammers can activate a special spoofing function to convince people into revealing their secret OTP.

"They can also customize the language, and even the voice of the bot," added Kaspersky.

That's because all the fake voices are AI-generated.

"The victim needs to believe that the call is legitimate, so, before dialing the number, some OTP bots can send a text message warning about the upcoming call," the experts added.

Phone scam statistics

Americans are bombarded with three billion spam phone calls a month. What are the figures regarding the number of victims and the amount of money lost to fraudsters?

• In 2022, Americans lost some $39.5 billion to phone scams, with 68.4 million US citizens affected, according to TechReport.
• The average phone scam victim lost $567.41 each in 2021, a major rise on the 2021 figure of $182 per victim, according to Hiya.
• The majority of scams happen over the phone, with fraudsters twice as likely to call compared to text in 2021, as reports the Federal Trade Commission (FTC).
• In 2021, the US saw a 56% increase in spam phone calls with 60% of those being robocalls.
• US residents experienced an average of 18 spam phone calls per month, although some experts believe the true figure may be as high as 31 per month.
• Many phone calls from reputable businesses may be marked wrongly as spam, but 38% of companies have no idea whether they’re being marked as “potential fraud” or not, according to Hiya.
• Never hand over any personal or financial information if you suspect a phone call is a scam. For instance, your bank will never ask you for such details in full over the phone. 
• To cut down on spam phone calls and scams, sign up for the Do Not Call Registry. Telemarketers, by law, will need to check that list before they call you.
• Downloading third-party apps such as Hiya, Nomorobo, or Truecaller can help filter out annoying spam calls.
• Try not to share your phone number unless you have to, especially online or with sketchy sources.

Thus the victim assumes they have received a genuine text from their bank alerting them to a pending call.

"During a call, some bots may request not only an OTP, but other data as well, such as bank card number and expiry date, security code or PIN, date of birth, document details, and so on," said Kaspersky.

"While OTP bots are effective tools for bypassing 2FA, they’re utterly useless without the victim’s personal data.

"To gain account access, attackers need at least the victim’s login, phone number and password.

"Scammers take the opportunity to extract as much personal information as possible, pressuring the user to 'confirm their credentials'."

HOW TO STOP BECOMING AN AI BOT VICTIM

If you suddenly receive a one-time password, be cautious as someone might be trying to hack you.

If an unsolicited messages containing login codes pops up, "don’t click the confirmation button if the message is in the 'yes/no' form, don’t log in anywhere, and don’t share any received codes with anyone," said .

Create strong and unique passwords for all your accounts.

"Scammers can’t attack you with OTP bots unless they know your password, so generate complex passwords and store them securely," it said.

"If you receive a message with a link to enter personal data or an OTP, double-check the URL.

READ MORE SUN STORIES

GAME ON

New Minecraft World coming to the UK - with themed ride and immersive experience

PANIC STATION

Moment 22 people left dangling in air for 2.5 hours after ride breaks down

"A favorite trick of scammers is to direct you to a phishing site by substituting a couple of characters in the address bar."

Just as importantly, don't ever share your one-time passwords with anyone - and never enter them on your phone keypad during a call.