2-Step Authentication Scam

2-Step Verification Scam

With more users realising the security benefits of 2-step authentication, the criminals are coming up with new ingenuous ways to break into your account.

What is 2-Step Authentication?

2-step authentication is the process of using a trusted device, such as your smartphone, to authenticate you when you log into a web service from a non-trusted device.

Site such as Gmail, Facebook, Twitter and Outlook/Hotmail have been offering 2-step authentication for some time, and all users should have it activated where possible.

When you (or someone else) attempts to log into your account on an non-trusted device, such as a friends computer, internet cafe or some hackers PC, the website sends a request to a previously registered trusted device, usually your smartphone, either by texting you a security code or activating an installed app to generate a code that you can type into the website to confirm you are indeed you.

Why should I have this?

Most websites allow you to change you password from the logon screen as long as you and have access to your email address by clicking through the ‘Forgot Your Password’ link. So if a hacker can get to your emails, then they can potentially access any website you use and prevent you from being able to get in.

How do they get around 2-step authentication?

The latest tactic to this is for the criminal to use publically searchable sites to find your email address and mobile phone number, you’ll be surprised how easy this can be, especially if you’re a big internet user!

Once they have both these bits of info, they send you a text message along the lines of “Outlook.com security have identified unusual activity on your account, please reply to this text with the security code we text you to confirm your identity” so an unsuspecting user is now thinking something is up and waits for Outlook (or whoever) to send them a security number.

The hacker then logs into Outlook.com with the users email and activates the ‘forgot password’ to get the server to send out the security code.

Once the user has the code, they reply unknowingly to the hacker with the code needed to verify them, allowing the hacker to log in and access your account.

What should I do?

No 2-step verification services will require you to text your security code back to them, you only need to enter this into the web interface when logging in from an untrusted computer. Being vigilant is the best defence against this kind of phishing attack.

#WeCanHelp

If you’re new to 2-step authentication, would like more information on how it works, how you can use it or how to spot fraudulent activity on your accounts, contact us.

We can provide advice on staying safe online and show you how to make your accounts secure, how to manage your passwords and how to spot fake messages.

07825650122 | it@tinsleyNET.co.uk | @tinsleyNET | +tinsleyNETcouk | www.tinsleynet.co.uk | Facebook | #Stuff4Steph
tinsleyNET LTD | IT Services Consultants
Offering IT Services to businesses and home users across the UK
#WeCanHelp