I am traveling currently and in Jaipur at the moment. I ordered few groceries to my Airbnb and some Zomato orders. I think that’s the only places I shared my number with apart from the Airbnb host, who is a retired army officer, so he’s mostly out of suspicion.
Since this morning I have been bombarded with OTPs from sites I have never even used, like Allen, District, APSRTC, TVS Motors, Matrix Zee, and some I use like Jio, Swiggy, Zomato, etc. I have received 50+ OTPs in last 4-5 hours, I had to mute notifications. It’s like 4-5 OTP every minute with 10 minutes of random breaks in between.
I even got a call from some girl demanding money for an order fulfilled. I lost my cool quickly and never got to find much information from her.
Can someone tell me what kind of scam is this and what precautions should I take to avoid further abuse of my number?
So far I have not received any credit card or bank OTPs and no money has been deducted as far as I can tell.
Your number got leaked somewhere and the sc/pammers are trying it now. It was very easy to trigger the OTP bombing earlier but don’t know how it is now.
Just be aware of any transaction alerts. It will be annoying but harmless otherwise.
if you’re sure it’s not him then his device has been compromised — added you as a contact and malware on his device proceeded to brute force its way into stealing something using your number
most less-savvy services will let you skip otp, no idea why they have otp in the first place if it’s so easy to bypass
I always get some kind of marketing message/call when I give my number out so my main bank account is on a secondary number, same with aadhar and pan card and all other government services (water, electricity, municipal taxes)
half my WhatsApp chats are loan offers, but that’s probably my fault
my public number is just for upi lite or upi pay later
it was a pain to set up though, upi pay later needs your number to be linked to your aadhar, so I needed to change my aadhar linked number twice, first to activate upi pay later with my public number and then change it back to my secondary number
In that flood of messages, you might overlook some genuine notifications. So sometimes scammers trigger such an SMS bomb when they are trying to exploit something else. Basically to mask the intended notification/message in a flood of noise.
Happened with me once, had a leaked password on TataCliq IIRC and there was some money in the TataCliq wallet, and I was hit by the SMS bomb, and during that time, someone was able to place an order using the wallet balance. Anyway I realised immediately, cancelled the order and changed the password.
The SMS bomb itself is not the exploit they are using, it’s just an additional noise to distract you.
please share you number here, so that we all can check & confirm that its not a common typo of some other popular well known number ?
On a serious note, did you provide any of your ID details to your AirBnB host or someone else recently ? Go through those sites/services and evaluate if anybody can do real damage assuming that your ID + mobile number are available to them and take appropriate actions/precautions.
Some people sideload apps or apk on Android devices like movie watching etc or cracked apk files
May be Airbnb host have those kind of apk installed on his phone and when you gave your phone number … those cracked apk steal the phone numbe and sent to their server or handler
May be this is the scenario.. cyber security expers can know better
The host seems like a rich guy who is enjoying his retired life and does not need to resort to such things. He seemed a well-respected gentleman to me. He lives on the ground floor with his family, the guests stay on the upper floor.
I did suspect some hidden transaction, so I went through my inbox carefully, but so far no transactions. I suspected some leaked login info too, but no login e-mails either.
The bombing seems to have stopped after posting on TE though. So I hope it’s not one of you messing with me.
The host has a compromised device which he don’t know
His device may have been compromised by earlier airbnb guest or any other guy
Since he host many people domestic and international tourist… someone must have entered his device with some way
The more scary part is that he is an ex army guy… and earlier in news we get to know about all this things… he don’t know may be his device is being spyed y other people
If you are not comfortable telling him.. stay quite and when you check out just give him a hint to be safe and do not install any unknown apk..
Seems like a good movie plot .. but anything possible in today’s time
and army officers are so dumb they are very easy to scam hence such retired officers are always in the news getting duped of lacs and crs. Their enemies cannot fool them but a babe or a guest can fool theme easily hence they fall in those honey-traps dreaming of another honeymoon.
I will take your word for it. Thanks for sleeping.
I am pretty sure my number is known to at least 1/3rd of the regulars here because of the marketplace and since I’ve joined too many WA groups. I should cut down on them.
So I hope it’s not one of you messing with me.
