When you create an account with Apple, Android, or another website, you are sometimes required to set up what’s called two-factor authentication to protect it. These companies claim that this is a safer way to protect your account so that it is a lot harder for hackers to log in and steal your information. However, there are scammers and hackers who have found a way around two-factor authentication and try to trick you into giving them your information as well as the two-factor authentication code. So the lingering question remains: does two-factor authentication really protect your account?
How Two-Factor Authentication Works
Two-factor authentication is supposed to give you an extra layer of protection on your accounts by either sending a code to your email address or phone number or by having you memorize a PIN to access your account. That way, if a scammer were to ever figure out your username and password, they still wouldn’t be able to access your account without the proper PIN or access code texted or emailed to you.
Are Hackers Still Able to Go Around This to Hack Accounts?
Absolutely. Just because you have two-factor authentication on your account doesn’t guarantee that your account is 100% safe. It’s just meant to make the account safer by adding an extra passcode onto your account in case someone else happened to get your password.
Obtaining your username and password is easier than one might think since data breaches make it easier for scammers to hack into your account without two-factor authentication. Because hackers are so desperate to get into your account, they are still able to come up with scams and malware to steal your passcode and gain access to your account anyway.
Ways Hackers Are Able to Obtain Your Two-Factor Authentication Code
Phishing Texts and Emails
Scammers send phishing emails and text messages with a fake website saying that your account was compromised. When you click the link, it looks like the actual website they are talking about, so you enter your name, password, and code sent to your phone. They then take this information and log in to your account, changing your information and locking you out of your account.
Man-in-the-Middle Attack
This happens more often when using public Wi-Fi networks. You log in to your account with your username, password, and code texted to you, thinking that only you can see this information. However, what you don’t know is that there’s a scammer who has hacked into the public network and is using a website to steal the information that you can see on your device. It basically records your screen and shows the information to the scammer so they can log in to your account, locking you out.
Port-Out Scam
Scammers search the dark web for your personal information, then call your cell phone company pretending to be you. They say that they need all your text messages to go to a different phone and verify that it is indeed you calling using your information.
The phone company transfers your phone number to that device, and the hacker receives the text message with your passcode to get into your account. The hacker then accesses your account with your username/password they got from the dark web and your access code that they were able to get through your phone company. They then lock you out of your account.
Fake Bank Phone Calls
A scammer calls you pretending to be your bank and masks the Caller ID to look like it’s actually your bank calling. They tell you that your bank account has been compromised and that they need to access your account to fix it. They ask for your OTP (one-time passcode) to enter your account. Once you give them the passcode, they tell you it’s fixed and hang up on you.
In reality, they changed your information so that you can’t access your account, and moved your money into another bank account created in your name. Then, they transfer your money to their personal banking account, stealing your hard-earned cash.
How to Avoid Two-Factor Authentication Code Scams
- Use two-factor authentication apps instead of your cell phone number. This will protect your one-time code from hackers who are looking to use it to gain access to your account. They won’t be able to access your code simply by using the port-out scam, and won’t have any way to access your secure app. Examples of these types of apps include Authy and Google Authenticator.
- Don’t give anyone your login, one-time passcode, or personal information. With this information, hackers can easily trick you into filling in the blanks for the rest of the information and hack your account. For example, if they got your personal information or login information off the dark web, all they need is your one-time passcode to log in to your account.
- See if your cell phone carrier can provide you with extra security measures to ensure that your phone number won’t be transferred to another device without your consent. See if your cell phone carrier has any security questions you can answer, or if there’s anything else they can do to provide you with extra security. This will allow you peace of mind knowing that no one can access your text messages even if they got your personal information from the dark web.
- If you get sent a passcode and you aren’t attempting to log in to that website, change your password immediately. This could be a sign that someone is attempting to log in to your account and knows your username and password. By changing your password, the hacker would no longer know your password, giving that extra security blanket back to your account.
- Don’t log in to your two-factor authentication account while on public Wi-Fi. Hackers are easily able to access public networks to steal your information without you even knowing it. To be on the safe side, avoid logging into your personal accounts on public Wi-Fi, and wait until you get home instead.
- Don’t click on any suspicious links randomly sent to you. If you get a phishing email stating that your account was compromised with a link to “fix it”, go on the actual website instead to change your password. It could be possible that it was a fake email with a link to a fake website that is trying to steal your information.
Social Catfish is Here to Help You!
If a scammer contacted you and successfully accessed your account using two-factor authentication and you have any of their information, Social Catfish is here to help you! We can reverse search any name, email address, phone number, social media username, or image to see who was trying to access your online accounts.