With online holiday shopping in full swing, the Better Business Bureau (BBB) is warning consumers about the potential for more scam activity. The latest con technique is to impersonate the two-factor authentication many companies use to keep accounts more secure.
Here’s how it works
For two-factor authentication you need two pieces of information to access your account—something you already know, like your username and/or password, plus a unique code that is sent to you (generally via text message).
With this scam, you get an email or text saying that there’s been suspicious activity on one of your accounts and you must confirm your identity. Since you set up two-factor authentication that would ask you to confirm logins from new devices, this message doesn’t really raise any red flags.
After this point, the BBB says one of two things happens:
- The alert urges you to reply with the authentication code you are about to receive. When you do, you give scammers the authentication they need to access your account—since they already had your username and password from previous data breaches.
- You receive a suspicious activity alert that includes a link so you can confirm your identity. When you do, you inadvertently download malware onto your device that gives the thieves access to your personal information, keystroke history, etc.
How to avoid two-factor authentication scams
The BBB advises that you do three things to steer clear of these scams:
1) Never reply to a text message with your authentication code. Think about it this way: a legitimate company will never ask you to text a code they just sent to you!
2) Keep an eye out for suspicious account activity. If you didn’t try to log into an account, you shouldn’t have received an email or text about it. Someone may have gotten your username and password so change your password immediately.
3) Don’t click links in unsolicited emails. If you get an unexpected email, even if it’s from a company you know, take a second look to make sure it’s legitimate. Scammers will steal logos and graphics to make their emails look real, but if you examine it closely, you’ll notice signs that it might not be.
The Better Business Bureau has more holiday shopping tips at bbb.org/holidayhelper.
Image courtesy of Misaochan.