Arrow-right Camera
The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

BBB Tip of the Week: Thieves use two-factor authentication con to hack your account

By Tyler Russell BBB Northwest and Pacific

Two-factor authentication is a security measure many companies use to help keep your accounts safer. But scammers have devised ways to impersonate those alerts and steal login information.

Since Cyber Monday has come and gone, with so many deciding to get their Christmas shopping completed online, the threat of scammers is all too real. This holiday season, millions of consumers continue to shop online, and BBB expects scammers to be out in full force. Better Business Bureau Northwest and Pacific has tips on to how this scam works and what you can do to avoid scams like these in the future.

How the scam works

You get an email or text message saying there has been suspicious activity in your account and you need to confirm your identity. You set up two-factor authentication, an extra security measure that requires you to confirm logins from new devices.

From there, this scam has two versions. In one, the alert urges you to reply with the authentication code you are about to receive. If you do so, scammers will use this code to gain access to your account. In another twist, the fake “suspicious activity” alert asks you to click a link to confirm your identity. When you do, malware may download to your computer, giving thieves access to your personal information, keystroke history and more.

How to protect yourself

Never reply to a text message with your authentication code. A legitimate company will never ask you to text them a code they just sent you.

Keep an eye out for suspicious account activity. If you didn’t try to log into an account, you should not have received an email or text message about it. Someone may have obtained your username and password. Change your password immediately.

Don’t click on links in unsolicited emails. If you receive an unexpected email, even if it is from a company you know and trust, take a closer look. Many scammers use stolen logos from familiar stores and banks to create emails that seem real.

For more information

Read more holiday shopping tips at BBB.org/HolidayHelper.

To learn more about this kind of scam, read the article go.bbb.org/phishing. To learn more about other kinds of scams, go to BBB.org/ScamTips.

If you’ve been targeted by this scam, help others avoid the same problem by reporting your experience at BBB.org/ScamTracker.