AARP scam alert: The facts on two-factor authentication
One way to protect yourself from identity thieves is by opting into two-factor authentication. This means that to log in to a given site, you enter your password, and then are prompted to enter an authentication code. You either receive the code via text, phone, or email, or you use an app that generates the code. Once you enter that code, you are able to log in. This additional layer of security is meant to protect you in case a criminal has your login information. But like other protections, scammers have found a way around it.
Credit reporting company Experian warns that scammers are using bots — automated programs — to convince people to share their two-factor authentication codes. The bot makes a robocall or sends a text that appears to come from a legitimate entity, like your bank. It asks you to authorize a particular charge, and if you didn’t recognize the charge, to enter your authentication code. In reality, the bot is trying to log into your account, but it needs that code to break into your account
Two-factor authentication codes work as intended, but if a criminal is able to convince you to share it, it has no value. Anytime you are prompted by an unsolicited communication to share a recently received authentication code, it’s a scam. Change your password to that account ASAP.
Be a fraud fighter! If you can spot a scam, you can stop a scam.
Report scams to local law enforcement. For help from AARP, call 1-877-908-3360 or visit the AARP Fraud Watch Network at aarp.org/fraudwatchnetwork.