Home » Blog » Scam Alert: When Text Message Authentication Fails

Scam Alert: When Text Message Authentication Fails

by Rod Spurgeon
Fun Apps for Elders

How text message authentication can fail, and what to do about it

 
During a dinner at a local restaurant, Phil and his date Aggie share a delightful evening together. When they finished their meals, Phil removed his black cloth napkin from his lap and set it on the table next to his plate. Shortly after that, he paid the bill and left the restaurant with Aggie. Scam Alert: When Text Message Authentication Fails
At an adjacent table, Dominic casually watched other diners in the restaurant, including Phil and Aggie. When he spotted Phil drop the napkin on top of a black smartphone, Dominic focused his laser-sharp senses on Phil’s next moves. As Phil left the restaurant, and before the restaurant staff could clear the dinnerware, Dominic casually moved to the table abandoned by Phil and borrowed the salt, while subtly slipping the phone into his coat pocket.
Dominic returned to his table and perused Phil’s lock screen. He saw a picture of the man with his date standing on a beach somewhere on a bright, sunny day. Scrolling across the image was the message “Email me if you find this phone” followed by an email address. Dominic smiled at the message and retrieved his phone from his pocket.
The career criminal opened his web browser and navigated to Phil’s email hosting provider. He entered Phil’s email address and a wrong password, which prompted the message, “Can’t access your account?” to appear on the screen. Dominic followed the instructions to reset the email account password, and within a few seconds, a message scrolled across the screen of Phil’s phone with a recovery code. Scam Alert: When Text Message Authentication Fails
After Dominic entered the code into his phone, he was able to change the password to Phil’s email account and gain access to everything inside it. Since Phil used the same login name and password for many of his online accounts, Dominic could identify the social media, financial and other accounts Phil used through his emails and gained access to those accounts as well.
Criminals will look for every opportunity to steal everything they can from you whenever possible. In the scenario above, Phil used his cell phone number as a password recovery option for his email address. When Dominic gained access to Phil’s phone and email address, he used the information to order the email provider to send a recovery code to Phil’s phone. Dominic was able to read the message containing the code since Phil allowed new messages to appear on his lock screen. Phil’s use of the same password for multiple accounts gave Dominic easy access to Phil’s bank, shopping, and social media accounts, allowing the criminal to easily raid their contents. Scam Alert: When Text Message Authentication Fails
If there is a vulnerability in your phone security, a criminal will find it. Don’t give them the chance to make your life miserable.
Take the following steps to make sure a criminal can’t use your phone to gain access to your personal information:

  • Add a passcode to your phone to prevent an unauthorized user from gaining access to its contents.
  • Turn off new message alerts on your lock screen.
  • Use a secondary email address as an email account password recovery option.
  • Make each password to every online account you own unique. Never use the same password twice.

If you don’t have a “lost phone” notification message on your lock screen, see if your cell phone offers the option and install it. Add the message, “If found, please call (telephone number).” If you don’t own the offered telephone number, ask another person for permission to use his or her number for the recovery option.
Following the steps above to secure your accounts might increase the time it takes you to access new messages, but it will make it far more difficult for a criminal to gain access to your data.
Your account security is in your hands. Make that security as strong as possible to avoid getting hacked.
Scam Alert: When Text Message Authentication Fails
Scam Alert: When Text Message Authentication Fails
Scam Alert: When Text Message Authentication Fails

Scam Alert: When Text Message Authentication Fails

Scam Alert: When Text Message Authentication Fails

Scam Alert: When Text Message Authentication Fails

You may also like

Leave a Comment