Scam alert – two-factor authentication

The bad guys are always looking for new ways to get your personal information.  We talk a lot about protecting the data on your computer.  Now we need to talk about your smart phone.  Just as it’s important to keep your computer up to date, you must do the same for your smart phone.  I always research each update to make sure there are no major problems before installing them, but that’s just because I’m overly cautious.  Like their computer counterparts, these updates patch security holes as well as provide bug fixes.

Andrew Clarke

For those of you who use two-factor authentication, I was recently made aware of a new scam.  Let’s start with a little background about two-factor authentication.  Two-factor authentication is used to make access to your on-line accounts more secure, whether that be banking or cloud access or what have you.  The way it works, generally, is that you log into your account with a username and password.  You are then prompted for an access code.  This access code is sometimes obtained using an app called an authenticator, but it could also come in the form of a text message.  Once you enter the code provided, you are given access to your account.  This method of access is more secure because it requires something that you know (your username and password) and something that you have in your possession (your smart phone).  That means that even if the bad guys get your username and password, they can’t access your account because they have no means of getting the access code unless they have your smart phone.

How the scam works:  The scammer sends you a text that looks like it comes from the company whose account you use.  It claims suspicious activity and says your account will be closed if you don’t send back the verification code you will get in a separate text.  If you send back that code, you will be giving them the piece they are missing: they are the ones logging into your account, and that login is what triggers the system to send you a text with the code.  Once you send them the code provided, they access your account and take it over.  The important thing to remember is that you will never randomly get a code via text.  You will only receive such a text if you are (or someone else is) actively logging in.  If you receive such a text, change your password immediately to prevent further attempts.

Social engineering is the number one way scammers gain access to your personal information and accounts.  Guard against it.  Never give out personal information like social security numbers or credit card numbers in response to a text.  The same rule applies to giving information to someone who randomly calls you.  You have no way of knowing who is really on the other end.

Don’t fall for the “act now” scare tactics of these criminals.  Think before you click!
