Phishing vs. Two-Factor Authentication

Recently, a friend shared that she received a phone call from someone claiming to be from her bank, requesting access codes from her authentication app. It turned out to be a scam aimed at gaining access to her bank account.
Phishing Scams
Phishing is a common scam where a malicious user tries to gain access to an account by pretending to be from the organisation the account is with. Organisations often post warnings that real staff members will never call to ask for passwords, helping users to avoid falling into this trap.
What Makes Two-Factor Authentication (2FA) Great
Even if you never share your password, it can still be compromised through online attacks targeting users or companies. The great thing about 2FA is that a leaked password is useless to an attacker if the account is protected by 2FA. The second authentication factor can alert users to an attempt to get around their security, in the form of an unexpected 2FA request, signalling the need to change their password.
2FA is now widely used because it keeps accounts secure even if passwords are compromised. While we’d all be much happier if online attackers simply gave up, many are tenacious enough to seek ways around it.
Bypassing 2FA
Scammers can attempt to bypass 2FA by calling the user, claiming to work for the company and requesting login details to check something on the account. Since 2FA as a routine measure is comparatively new, not all users are aware of the need to keep their 2FA codes secure. Attackers may convince users that legitimate staff members might call to ask for 2FA codes or to approve a login, but this is never the case.
How to Stay Safe
If someone calls you claiming to be from your bank or any other company and asks for your login information, it’s a clear giveaway that they’re not legitimate. Your 2FA codes are a vital fallback if your password is compromised and should be kept private, just as your password should be. Never give them out to a caller. If you receive 2FA requests that you didn’t initiate, that’s a warning sign that someone is trying to break into your account, and you should change your password immediately.