Scams have been around for a long time. Unfortunately, as technology has continued to advance, scams have evolved to keep up with the times. What started out as physical junk mail and pyramid schemes eventually turned into robocalls and email phishing.
You’ve probably heard about the basics of defending yourself against these scams. You should never answer calls with a number you don’t recognize, respond to an email from an unverified source, or give out any passwords to anyone.
The problem is hackers are creating scams that are harder to spot.
How Common Are Text Scams?
Scams centered around text messages have been steadily rising. In 2018, the average number of monthly spam texts a person would receive was 8.5. That number would nearly double by 2021 as the average jumped to 16.9 messages per month.
With so many phishing attempts, it’s easy to see why people get scammed. 2021 saw record numbers in terms of the total number of Americans scammed (nearly 60 million), average money lost (about $500), and total money loss (roughly $30 billion). Unless you want to join these statistics, you should take action to protect yourself against phishing scams.
What Is Two Factor Authentication?
Two factor authentication (2FA) is one of the most popular ways to create an additional layer of security for online accounts, including your Apple or Microsoft accounts. Single authentication will grant access to your account as soon as you enter the username and password. 2FA requires another piece of information before granting access.
The requested information typically falls under one of the following categories:
- Knowledge: This is usually information that only you should know such as a personal identification number or an additional password. In most cases, the secondary password is the answer to a personal question that no one else should know. Common questions typically include: “What is your mother’s maiden name?” “What was your first car?” “What is the name of your first pet?”
- Possession: These are usually items that only you can access, such as your cell phone, email, software, or credit card. In the old days, businesses would require hardware tokens to grant access to their sensitive information. A key, flash drive, or disk could be required to allow entry. For obvious reasons, physical items aren’t very common for everyday online security.
- Body parts: It might sound like something from a science fiction novel, but various parts of your body can be used as a security layer. A biometric pattern of your fingerprint, iris, face, or voice can be used to unlock your accounts. These are becoming much more common as smartphone technology easily facilitates all four of these options.
How Does a Verification Code Scam Work?
Most websites and online accounts recommend that you enter your personal phone number. The reason is so they can easily set up the most common type of 2FA: an SMS text message. While these businesses mean well, it’s never a good idea for you to give out your mobile phone number.
Unfortunately, there are a few different types of verification code scams used by cybercriminals. It can be difficult to identify these scams, especially for people that are over-trusting or unfamiliar with technology such as children or the elderly.
The Google Voice Verification Code Scam
One common scam is known as the Google Voice verification code scam. There are a few variations, but it’s always used on people that have listed something for sale online.
Let’s say that you recently listed something on Craigslist, eBay, or Etsy and posted your phone number in your contact information. The scammer would have your phone number (which is not good) and would text you regarding the item.
They would send a message saying something like: “Hello, I’m interested in (the item) and would like to buy it if it’s still available. First, I want to make sure that you aren’t a scammer. I’m going to send you a Google verification code to prove that you’re a real person.”
The text message that you receive will contain a six-digit code. If you send them the code, the scammer will then attempt to create a new Google Voice account with your phone number. If successful, the scammer will now be able to use your number to make calls, send texts, or receive 2FA verification codes from your online accounts.
They can use this account to hide their identity while they scam other victims or sell the account to cybercriminals and hackers for a profit.
The Leaked Information Verification Code Scam
Fear is a powerful motivator and can make you react without thinking. Even the most secure online accounts can be the victim of data leaks, breaches, and exposure of information. This includes trending apps like WhatsApp, TikTok, Gmail, and other social media accounts.
These data leaks can commonly result in spammers getting ahold of your username and password. The last piece of their criminal puzzle is to get your authentication code.
The easiest method is for them to send you a phishing text message saying that your account has been compromised. A lot of these messages will really lean into the fear and sound something like this: “ALERT! Your account has been BREACHED! Please reply to the following authorization code to confirm your identity!”
The scammers will then attempt to log in to your online account, which will trigger the 2FA verification code being sent to your phone. Things will move very quickly if you text the authorization code to the number that sent you the first message.
The hackers will enter the code and be granted access to your account. They’ll immediately change the password and login information so you are locked out of the account and at their mercy.
Get a Second Number To Stay Safe
There is nothing to gain from using your real number online. Even if it doesn’t feel like it, your personal phone number is a sensitive part of your identity. Using a second number online is an easy way to build another wall between you and scammers.
Downloading the Burner app will provide you with a second phone number and keep you safer online. Entering this number online will keep your personal number private. In the event that your number is compromised online, you can simply “burn it” and get a new one. The number will be completely useless to any scammers or hackers.
Visit Burner today to enjoy a free seven-day trial and learn more about how to stay safe online.
The Google Voice Scam | Federal Trade Commission
Two-Factor Authentication | Investopedia