Scam artists never cease to amaze when it comes to the creativity and artistry they put into their scams. As I have written many times, scammers will often lure people into providing their user names and passwords to scammers using carefully crafted spear phishing emails or text messages. This was how the cybercriminal who was able to steal access to the gmail accounts and iCloud accounts of celebrities such as Jennifer Lawrence was able to gain access to their accounts. One of the ways often advised to avoid this problem is to use dual factor authentication whenever you can. With dual factor authentication, whenever you are going to access an online account, a special code will be sent to your smartphone after you have typed in your user name and password. Without this code, you cannot gain access to your account. Dual factor authentication works well, but nothing is fool proof. Fools are powerful.
A fascinating way that scammers are now getting access to the accounts of people using dual factor authentication is by sending you a text message posing as the company with which you have an online account and telling you that your account may have been hacked and that if you want to close access to the account for security purposes, you will have to reply to the text message with the 6 digit verification code that you will be sent by the company momentarily. Of course, the text message is not from the company you do business with, but rather it is from a scammer who has just typed in your user name and password, but can’t get access to your account protected by dual factor authentication until he enters the code about to be sent to your smartphone to verify the legitimacy of the hackers attempt to access your account. If you fall for the scam and reply to the text by sending the code you receive from the company with which you use dual factor authentication, you will have turned over access to your account to a scammer.
Whenever you use dual factor authentication, you will only be sent the code to verify an attempt to log into your account so if you have not attempted to log into your account and you receive a verification code through a text message to your smartphone, it is because a scammer who already has your user name and password is attempting to access your account. Never provide that code to anyone. It should only be used by you to input into your smartphone or computer when you log into a dual factor authentication protected account. Never provide sensitive information, such as your Social Security number, credit card numbers or dual factor authentication codes in response to an email or text message because you can never be sure who is actually communicating with you.