- Dual Factor Authentication Scam
What You Need to Know
Two-Factor Authentication (2FA) is a valuable tool for enhancing account security, not a scam. However, many people use the same password across multiple accounts, which increases vulnerability when one password is compromised. The reality is that it’s not a question of if your password will be exposed, but when.
Scammers have recently exploited this by sending text messages that appear to be from trusted companies, claiming there’s suspicious activity on your account. These messages warn that your account will be locked unless you verify your identity. They instruct you to reply with a code that they will send you, making the request seem legitimate.
In reality, these scammers already have your password and are attempting to log into your account, which is protected by 2FA. By sending them the code, you unintentionally bypass 2FA, granting them full access to your account. Always exercise caution and never share authentication codes, even if a request seems genuine.
What You Should Do
We strongly recommend updating your personal passwords every three to six months. Regularly changing passwords minimizes the risk of cybercriminals gaining access to your most recent credentials in the event of a data breach. This proactive step enhances your overall online security.
When receiving emails or text messages claiming to be from a trusted source, exercise caution. Always verify the sender by checking the email address or phone number, as inconsistencies often reveal fraudulent activity.
If you’re uncertain about the legitimacy of a message, go directly to the source. Contact the organization’s customer support using their official phone number or email listed on their website to confirm whether they reached out to you. Taking these steps can help protect your personal information from scams and cyber threats.
Think you are being scammed? Call our scam hotline or email us for help:
(801)-724-6211
scamwatch@invisus.com
