If you thought you can be free of cyberthreats just by being careful while using internet and not sharing sensitive information with others and clicking on links in unsolicited junk mails, you are wrong. Hackers have found a new way to get your information, including one-time passwords (OTPs) and login links for services like WhatsApp.
Hackers are using text-messaging management services, meant for businesses, to redirect SMSes meant for victim to their systems. The negligence of telecom companies in countries like US is responsible for such attacks.
As per a report in Motherboard, a reporter Joseph Cox became the victim of such attack on his personal number. The hackers were able to redirect Cox's text messages, and his WhatsApp, Bumble, and Postmates accounts were compromised. The hacker managed to log in and take screenshots of content of his accounts. Fortunately, the attack was carried out by a pseudonymous hacker Lucky225 with Cox's permission to highlight the flaw.
Unlike other hacking activities like SIM swapping and SS7 attacks, which also involve SMS and cellular systems, the victim won't immediately know if his or her text messages are being redirected. It is easy to assume that there is an issue with the network or service provider when OTP SMSes are not received. In SIM swapping and SS7 attacks, the victim gets to know within a few moments that the phone has been hacked as the phone loses cellular network completely.
The service to redirect SMS can be availed by just paying $16 in US. The service is meant for businesses, but is being misused by hackers. In most cases, the service providers don't even seek permission of the user to redirect the text messages, or just inform the owner that the texts have been forwarded.
The hackers can easily reset the password of some your accounts using these services and you might never be able to use that account again. So next time if you don't receive your OTP, try to find out the reason behind it.