Why Even Fraudsters Favor Two-Factor Authentication

Enabling two-factor authentication on financial accounts adds an extra layer of protection against unauthorized access. This optional security measure can prevent nefarious actors from busting past your first line of defense – a unique username and complex password. But savvy crooks have figured out a way to trick consumers into handing over the temporary passcodes designed to keep your sensitive data safe.

Here's what you need to know about the two-factor authentication scam.

How Can a Scammer Access my Account?

Scammers need your username, password, and temporary passcode before accessing your accounts. They might already have your username and password as a result of:

  • Company data breaches
  • Successful phishing attempts
  • Hacked emails or social media accounts
  • Malicious software downloaded to your device
  • Buying your stolen personal information on the Dark Web

However, attempts to access your account are denied unless they also have your authentication passcode. If you have two-factor authentication enabled on the account, temporary passcodes are only sent to the mobile device or email address you listed during setup. Since codes expire within a few minutes, criminals need you to act fast for their scheme to work. 

Typical Two-factor Authentication Scam Scenario

Be on the lookout for fake account alerts claiming that a company representative needs your help resolving a problem with the account. These alerts may come to you via text message or live phone call. The scammer claims they need the temporary passcode, which they trigger by entering your username and password. Victims fall for this scam when they are told the passcode is needed to verify their identity.
It only takes a few minutes for them to do their worst. Once they are logged into your account, crooks immediately change the login credentials and transfer the money from your account to an external one.

How to Protect Your Accounts

Two-factor authentication remains a valuable security tool, but it requires that you guard it as you would any other piece of confidential data. Keep it safe by remembering that:

  • Bank of Denver will never ask for your login credentials or temporary passcode
  • Fraud alerts should be verified by contacting the financial institution directly, not replying to a text message or unsolicited phone call
  • Crooks can spoof phone numbers making calls appear to originate from trusted companies
  • Giving someone your temporary passcode gives them full access to your account 

Be willing to question any request that requires you to provide account information by phone or text message.

What if I Suspect a Two-factor Authentication Scam?

If you’ve already given someone information, they can use to access your Bank of Denver account, contact us immediately at 303-572-3600. We can take steps to secure your accounts and prevent further unauthorized access. You can also report the incident to the Federal Trade Commission. This governmental agency works to stop consumer-related crimes across the country.