Hackers can empty accounts even without an OTP; how does this scam work?
Cyber Scam: While OTPs, ATM PINs, or bank details were previously required for fraud, several methods have now emerged where bank accounts can be drained without the victim ever sharing an OTP.
Cyber Fraud: Cyber fraudsters have become increasingly active these days. They are constantly devising new ways to siphon money from people's bank accounts.
Cybercriminals now send fake messages posing as banks or major companies. These messages lure recipients with offers of discounts, cashback, gift vouchers, or prizes. As soon as a person clicks the link provided in the message, malware or a fake app may get installed on their mobile phone. Hackers then gain control over the device, access banking apps, and—in many instances—execute transactions without requiring an OTP.
A woman in Delhi recently faced such an attempt; she had purchased a laptop from an electronics store and, a few days later, received a message stating she had won a voucher for her purchase. The message asked her to enter her bank details and click a link. However, she became suspicious because the company name in the message was incorrect, and she managed to avoid falling victim to the scam.
Cybercriminals are also using dangerous malware delivered as APK files, such as Remote Access Trojans (RATs).
As soon as the user installs the APK file and grants the necessary permissions... Once the malware becomes active in the background, hackers gain remote access to the phone and can operate banking apps, digital payment apps, fintech apps, and even crypto apps just like the actual user.
Cybersecurity experts have also warned Android users about a banking malware named 'Albiriox'. This malware infiltrates phones via fake apps and exploits Android's accessibility features. It allows hackers to perform various actions within banking apps without needing login credentials or OTPs.
According to reports, over 400 such fake apps have already been identified. This malware is being made available to cybercriminals on the dark web under a 'Malware-as-a-Service' model.