The headline of this Scam of the day may be a bit confusing because dual factor authentication is not itself a scam, but rather a tool to avoid being scammed.  It is not unusual for passwords to be compromised, particularly if you use the same password for all of your accounts, which we strongly urge you not to do.  Using the same password puts all of your accounts in jeopardy if a data breach at one account results in your password being stolen.  Here is a link to a Scam of the day in which I describe how to choose strong, unique passwords that are easy to remember.

However, regardless of how careful you are to protect your passwords, it is inevitable that your passwords will become compromised, which is why I always suggest that people use dual factor authentication, which protects your accounts even if your password is stolen.  In the most common form of dual factor authentication, when you go to an online account and put in your password, a text message with a one-time code is sent to your cell phone, and you must provide that code in addition to your password to gain access to your account.  This system works well, but nothing is foolproof.  Never underestimate the power of a fool.

Recently, scammers have been sending text messages that appear to come from a company with which you do business, informing you that there has been suspicious activity on your account and that you need to confirm your identity or else your account will be locked.  You are then told that, in order to do so, you will receive a text message with a code that you should, in turn, text back as a reply to the scammer.  Unfortunately, what is actually happening is that the scammer has already managed to obtain your password and has just tried to log in to your account, which is protected by dual factor authentication.  That login attempt is what causes the real company to send the code to your phone, so if you do send the code to the scammer, you will have defeated dual factor authentication and enabled the scammer to access your account.


This is an easy scam to avoid.  First of all, as I have said many times, whenever you receive an email, phone call or text message, you cannot be sure who is really contacting you, so you should never provide personal information of any kind or click on a link provided unless you have absolutely confirmed that the communication is legitimate.  You can do this by contacting the real company that the message purports to be from.  However, if you receive a text message such as the one described above, you can be sure that it is a scam because no company will ever ask for your dual factor authentication code through an email or text message.
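The rule above can also be applied mechanically, for example in a message filter. The following is an added example, not part of the original post: a small heuristic that separates a text delivering a code from a text asking you to send a code back. The wording patterns and the sample messages (including the name ExampleBank) are constructed assumptions.

```python
import re

# Assumed wording patterns, constructed for this example (not a vendor rule set).
CODE_TERM = re.compile(r"\b(code|otp|pin|passcode)\b", re.I)
SEND_BACK = re.compile(
    r"\b(reply|respond|send|forward|text\s+(it\s+|the\s+code\s+)?back)\b", re.I)
NEGATED = re.compile(r"\b(do\s+not|don['’]t|never)\s+\w+", re.I)
DIGITS = re.compile(r"\b\d{4,8}\b")


def classify_sms(text):
    """Return 'code_request', 'code_delivery' or 'other' for one inbound text."""
    if not CODE_TERM.search(text):
        return "other"
    # Drop warnings such as "never send this code" or "do not reply",
    # so that a legitimate caution is not mistaken for a request.
    positive = NEGATED.sub(" ", text)
    if SEND_BACK.search(positive):
        # Asks the recipient to hand a code back: the scam pattern described above.
        return "code_request"
    if DIGITS.search(text):
        # A service delivering a code to be typed into its own login page.
        return "code_delivery"
    return "other"


# Constructed sample messages.
SAMPLES = [
    "ExampleBank: Suspicious activity on your account. To confirm your identity "
    "you will receive a code. Reply to this message with the code or your "
    "account will be locked.",
    "Your ExampleBank verification code is 482913. Never send this code to anyone.",
    "Use code 771204 to log in. Do not reply to this message.",
    "Your package will arrive tomorrow between 9 and 11.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(classify_sms(msg), "<-", msg[:50])
```

A message classified as `code_request` should be treated as a scam whatever company name it carries; word matching like this will miss reworded requests, so it supplements the rule rather than replacing it.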
