Unexpected 2FA Codes: Your Cybersecurity Wake-Up Call – 5/5/2024
We’ve all had those moments of confusion when our phone buzzes with a notification that doesn’t seem quite right. If you’ve ever woken up to a text with some random numbers and wondered what it is, you’re not alone.
Getting a code for two-factor authentication (2FA) from a service you use when you didn’t request one deserves some attention. Rather than ignoring the strange message, it’s a good idea to take action to help protect your online accounts.
Understanding 2FA
2FA, or “Two-Factor Authentication,” is an important security feature many apps and websites use. It adds an extra verification step beyond just a password. After you log in, 2FA will text or email you a special code to enter before you’re given access to your account. This acts like a second lock, keeping hackers out even if they somehow steal your password.
Spot the Warning Signs
When you receive a 2FA code you didn’t request, it’s a clear sign that someone is trying to access one of your online accounts. It often indicates that your password has been compromised through a large-scale data breach or a more targeted attack. Hackers may be attempting to log in using your stolen credentials, and the 2FA code is the only thing standing in their way.
Taking Immediate Action
Rather than ignoring the 2FA code or brushing it off, it’s important to take action right away to secure your accounts.
Do not click on any links in the email or SMS. Open a browser, log in to the relevant account, and change your password to something unique and complex. Make sure it’s different from the one you used before and not used for other accounts.
Check if your old password was involved in any known breaches using a tool such as HaveIBeenPwned.com. This can help you identify if you have any other accounts that may be at risk.
Consider changing passwords for any other accounts using the same or similar passwords in case of credential stuffing attacks. This is when hackers use stolen passwords from one breach to try and access other accounts.
Be wary of emails or texts asking you to provide a 2FA code. Legitimate services will never ask for this, and it’s likely a phishing attempt.
This unexpected 2FA code experience is a valuable reminder of the importance of proactive security measures. Two-factor authentication is what saved you this time by blocking the hacker’s attempt to access your account, so take a moment to ensure you’ve enabled it on every site that offers it.
Additionally, using unique, strong passwords for each account is essential to prevent the ripple effects of a single data breach. A password manager can help you generate and store complex credentials, ensuring one compromised password doesn’t put all your other accounts at risk.
While complete online security can never be guaranteed, taking these fundamental steps – enabling 2FA and using unique passwords – goes a long way toward safeguarding your personal information and digital identity.
For more information or assistance with 2FA, contact your local Twin Cities PC Repair professional today at (651) 456-8655 or send a message through my Contact page.
Deepfake Voice Scams: Don’t Fall for Them, 5/8/2023
Deepfake has gone mainstream. You’ve probably seen a movie or TV show with a character complaining about images or videos that look real. You should also be wary of deepfake voice scams.
Deepfake is a mashup of the words deep learning and fake. The technology uses artificial intelligence and machine-deep-learning algorithms. This can create convincing representations of people for special effects or silly videos, but these fake videos or images can also be more dangerous.
Malicious deepfakes spread false information or can defame or scam people. That’s what we want to talk about in more detail here: fake voice scams.
What is a “deepfake voice” scam?
This type of scam manipulates synthesized speech to convince you that someone is saying something they didn’t actually say. This increasingly common scam tricks you into providing sensitive information or sending money.
Criminals first record a voice sample from their victim. They might use speeches, TikTok or YouTube videos, podcasts, or phone conversations. Then, they turn to a tool such as ElevenLabs, Resemble, Overdub, ReadSpeaker, or Voice.ai. These platforms analyze speech patterns and create a voice mimicking the original. The bad actors can then generate a new speech that sounds like the original speaker said it. They script it, and the Ai voice says it.
Examples of deepfake scams include creating a voice that mimics a family member. They’ll script a request for help in an emergency situation. Or you might get a call from a lawyer claiming to need payment to help defend a family member.
You might also hear from a celebrity who wants you to donate to their charity. The fake voice might also ask for sensitive information, such as banking details. After all, who wouldn’t trust Liam Neeson if he called personally?
A tech support scam is another common one. The scammer creates a voice for a customer support representative from a prominent company. They request remote access to your computer to “fix” a non-existent problem. Instead, they’ll steal sensitive information, such as login credentials, or install malware.
How do I defend against deepfake scams?
This technology does a good job, and the scam can be very convincing. Be cautious of unexpected requests for personal information or money made by phone. Be especially suspicious if the request makes an emotional appeal to you to act now.
Confirm before you share sensitive data or transfer money. For example, if you’re asked to pay a lawyer to help your grandson in an accident, check in with him first. Or, if someone calls from your internet service provider, use a trusted phone number to confirm their authenticity.
We can help you combat deep-fake scams. We can install email and Web filtering, multi-factor authentication (MFA), and endpoint protection. Our IT experts can also watch networks for signs of attack and respond to minimize potential damage. Call us today at (651) 456-8655 or visit our Contact page.
The holidays are busy. We’re trying to get work done to have some fun, and we’re hosting family and friends. Plus, parents that have the holiday Elf tradition must remember to move the doll every night. It’s a lot, and it can make us more likely to fall for scams that can lead to data theft.
Hackers like to take the path of least resistance. Why work harder than they have to for their ill-gotten gains? Instead, they’ll use social engineering to get you to give them your data or download their malware. Look out for these top holiday scams.
Parcel delivery scams
More people are expecting packages this time of year. Bad actors take advantage of this with what’s called a smishing scam. It’s a particular type of scam using text/SMS messaging. You get a message from a known service telling you a delivery needs rescheduling, or that there’s an outstanding fee that needs to be paid.
Recipients, who are already expecting a package, are quick to fall for the request. Clicking on the message link, they enter personal information or download malicious software.
Tip: Go to the source of the package you’re expecting and see what they’re saying about your package delivery.
E-card scams
Another common holiday season scam takes advantage of our enthusiasm for money. Scammers send e-cards to your email. When you click on the link, you’ll download a virus or other malware (e.g. ransomware).
Tip: Check the credibility of any e-card sender before downloading the “gift.”
Christmas hamper scams
Everyone wants to be a winner, but don’t fall for the scammer calling or emailing to say you’ve won a Christmas hamper. They’ll claim to be from a legit organization and have some of your personal information already. That helps them make it all seem genuine. Then, they’ll ask for you to provide more personal details to collect your prize or gift.
They may ask only for your full name, address, and phone number (if the request was emailed). They’ll be collecting this information for a more focused attack in the future.
Tip: Use strong passwords and be careful about what personal details you put on social media.
Fake websites
Many people shop sites that are unfamiliar to them at this time of year. Grandparents (even parents) know nothing about that latest trendy shop! Bad actors will set up fake sites offering gifts and services. They’re looking to get your personal details and money.
Tip: Prefer secure website addresses starting with “https” and displaying a locked padlock.
Shopping scams
Every season has its in-demand items. Scammers take advantage of this and set up ads for amazing deals on those items. Desperate to get this year’s toy for your toddler, you might be hooked. Or they’ll ensure people click on their ads by offering ridiculous deals. If you do get the item purchased via these ads, it’s likely to be a sub-par counterfeit.
Tip: Shop with retailers you know and trust.
Bank scams
This scam operates year-round, but bad actors have an edge in the holiday season when people spend more. Fraudsters typically call, text, or email as your bank having noticed suspicious activity. They get you feeling anxious and then urge you to take action (e.g. click a link or share personal details) to address the issue.
Tip: Remember that banks never use unsolicited calls to ask for personal details, pressure you to give information, or tell you to move your money to a safe account.
The tips shared throughout this article will help. At the same time, setting up password managers and antivirus software can also be useful. We can help you secure your online activity year-round. Contact us today at (651) 456-8655 or visit our Contact page.
Steer Clear of Coronavirus Scams (4/9/2020) – With the world grappling with a health pandemic, scams are shocking. Regrettably, bad actors are everywhere, always looking for opportunities, and they’re seeing one in the Coronavirus. This article outlines what you need to watch out for and how to stay cyber safe.
The last thing you want to read right now is that there’s another threat out there – sorry, but it’s true. Cybercriminals take advantage of fear. They take timely concerns and use them to target victims. Using the anxiety and upheaval around Coronavirus is their mission.
So far, several Coronavirus-related attempts to cyber-scam people have been reported. There are examples of:
emails that appear to come from government health departments;
offering a tax refund to get people to click on malicious links;
memos to staff that appear to come from large employers;
COVID-19 test offerings from private companies;
fake websites promising to sell face masks or hand sanitizer;
soliciting donations to help fund a vaccine.
What to Watch Out For
Another concern is the number of bogus websites registered with names relating to COVID-19. The site can look legit but is set up to steal information or infect the victim’s computer with malware.
You may get an email promising the attached information offers Coronavirus safety measures, or information shared by the World Health Organization (WHO) if you click on the link, or a similar email pretending to be from a reputable news source, such as the Wall Street Journal (WSJ).
In another example, an email impersonating a healthcare company’s IT team asked people to register for a seminar “about this deadly virus.” Anyone who didn’t question why IT was organizing the meeting clicked to register. By filling out the form, they gave their details to hackers.
What to Do
Be cautious. It’s understandable that you’re anxious, but don’t let that stop you from taking cyber precautions. You should still:
be wary of anything that tries to play on your emotions and urges immediate action;
question where emails are coming from – remain vigilant even if the communication appears to come from a reliable source;
hover over links before clicking them to see where they will take you – for example, in the WSJ example, the Web address was for the “worldstreetjournal”;
avoid downloading anything you didn’t ask for;
doubt any deals that sound too good to be true (“a mask that stops the virus 99.7% of the time!”);
ignore any communications requesting your personal information;
don’t be suckered by fraudulent pleas for charity.
Global health organizations generally do not send out emails with advice. Instead, navigate directly to that reputable health institution for real news.
If you’re still not sure about the validity of the communication, check it out. Do so by calling or using another medium to get in touch with the “source” of the received message.
While there is not yet a vaccine for COVID-19, you can put anti-virus protection on your computer. Also, make sure that you’ve applied all available security updates to keep your software safe.
We hope you’ll take care and stay healthy both physically and online in these tough times.
Need help installing security software and keeping your technology safe? Our cyber-security experts can give your home a tech immunization. Contact us today at (651) 456-8655 or visit our Contact page!
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.AcceptNoPrivacy policy
Recent Comments