Do you use 2-factor authentication to log into your online accounts?
There is a new texting scam to watch out for if you use 2-factor authentication. 2-factor authentication is when the account you are logging into sends you a text message with a code that you must enter along with your username and password to log in successfully. Its purpose is to add an extra layer of security.
Now, criminal hackers are trying to get past this with a nasty trick you need to watch out for. Tens of millions of hacked user names and passwords have recently surfaced — yours may be one of them — and they are using these for this scam.
HOW THE TEXTING SCAM WORKS
They send you a fake (spoofed) text that looks like it’s from the company you have an account with, claiming that your account may be hacked or that there is suspicious activity happening.
In the same text they say they will send you your verification code and that you need to send that right back to them or your account gets closed. But if you text that verification code back, you have given the hacker just the thing they needed to hack into your account!
HOW TO STAY SAFE
If your accounts are protected by 2-factor authentication, the only time you will be sent the code is to verify an attempt to log into your account. That means if you did not just try to log in and you suddenly receive a verification code through a text message to your smartphone, it is because a scammer who already has your user name and password is trying to hack into your account.
Never provide your verification code to anyone. Only use it to input the code into your smartphone or computer when you log into a 2-factor authentication protected account. And as a reminder, never give out personal information, such as your Social Security number or credit card numbers in response to a text message (or email) because you simply cannot know for sure who is really on the other end of that communication line.
Remember, Think Before You Click!