THE RISE OF THE BOTS - How fraud awareness can thwart scam-as-a-service attacks.

Social engineering scams are fraudulent schemes that use psychological manipulation to trick individuals into giving away sensitive information or money. These scams have been around for decades, but with the rise of artificial intelligence (AI), they are becoming more sophisticated and easier for scammers to carry out successfully.

Fraud is no longer carried out by sophisticated criminals. It’s too easy to do. It’s far too lucrative. And most of the time there are zero consequences.

Hundreds of thousands of new fraudsters have been activated during the pandemic.

Becoming a scammer is increasing in popularity, with scam-as-a-service models making it easier for people to buy off-the-shelf tools that enable them to launch attacks without any prior knowledge of coding. The fraud-as-a-service industry is growing exponentially as expert fraudsters and scammers turn their attention to selling their methods, services, and fraud-perpetrating tech to others. Fraudster automation will rapidly accelerate, turning newbies into experts instantly. Fraudsters may even begin to incorporate AI to make these tools smarter, more targeted, and more human-like. These automated bots could include account opening bots, loan application bots, credential stuffing bots, and new hyper-realistic social engineering text and chatbots.

Bots are ushering in a new era of fraud automation:

Bots give the hundreds of thousands of new fraudsters entering the scene a new level of social engineering tools designed to make fraud easier. In June of 2021, OTP bot services began to appear, completely automating the theft of one-time passwords (OTPs) from victims with zero human-to-human interaction.

OTP bots introduce automation to what used to be a manually intensive social engineering process.

Instead of contacting victims individually by phone or SMS, OTP bots do the work automatically and at scale. This implies more account takeover (ATO) attacks and more victims. As a result, the returns for fraudsters using OTP bots are high and correlate with the volume of prospective victims targeted. The more victims targeted, the greater the gains.

Consequently, OTP bots are driving substantial losses for financial and other institutions.

Several factors are driving this. First, the bot calls are skillfully crafted, creating a sense of urgency and trust over the phone. The calls rely on fear, convincing victims to act to "avoid" fraud in their accounts. Second, victims are accustomed to providing a code for authentication as it has become common practice for companies to request a verification code when speaking with a call center representative.

Here is how an OTP bot works:

  • Fraudsters purchase subscriptions to activate OTP bots.
  • The fraudster attempts to log in to the victim’s online bank account and, at the same time, prompts the bot by inputting the victim’s phone number and the name of the financial institution the victim is banking with.
  • The bot will robocall the victim and attempt to manipulate the victim to provide the 2FA code and other information as needed.
  • In addition to robocalling, some of these services can also automate attacks via email or SMS that target social media accounts like Facebook, Instagram and Snapchat; financial services like PayPal and Venmo; or investment apps like Robinhood or Coinbase.

[Figure: OTP Bot Diagram]

Conclusion:

There are a variety of fraud awareness topics that will help to educate your account holders. People need to remain vigilant in understanding how technology works. Criminals will attempt to exploit consumers through many channels, including email, SMS messaging, messaging services, and direct calls to consumers. People are finally understanding that a cybersecurity incident can happen at any time, to anyone, and that it really is everyone's responsibility to prevent it.

There is going to be a huge wave of consumer fraud as more inexperienced fraudsters use out-of-the-box tools that make it easy and less risky. There are many topics that would help to educate consumers, and you should be consistently reminding your account holders about all of them. Here are a few examples: Email Safety, Recognizing Phishing Scams, Understanding Data Breaches, Imposter Scams, Securing Home Networks, Mobile Phone Safety, Deepfake Fraud, How to Report Fraud & ID Theft, Identity Safety, Social Media Safety, Account Takeover Prevention, and the countless other methods fraudsters use to trick people into divulging their PII.

Copyrights © All Rights Reserved by eFraud Prevention, LLC