Some days back, I logged into an online exam portal for a professional exam. The portal had a 2-step verification process (password and an OTP sent to my phone). When I clicked on the button requesting for OTP, I received an OTP message from an unknown sender (I’ve logged in the portal before and so I was able to recognize that the sender was different). Believing that everything was okay, I entered the OTP and the webpage prompted that the OTP I had entered was incorrect. I clicked on “Resend OTP” and then I received the same OTP message from a third sender, and on entering it again, I found that it was incorrect yet again. Fortunately, I was able to continue to my examination by receiving the correct OTP by clicking on an option “receive OTP by email”.
However, now I am concerned if this was a man in the browser attack, my suspicions only being bolstered by the fact that nothing of this sort happened to anyone else who sat for the exam.
If this was a MITB attack, what can I do now to prevent anything wrong from happening in the future? I use Windows 10 and Chrome.