When it comes to internet security, you may have hear the term “two-factor authentication”. It’s a technology used by a variety of websites to confirm a users identity with two different platforms like email and text. The technology is meant to give you an added layer of protection. But I’ve learned scammers now have a way to crack this code that’s so sneaky it even fooled an internet security expert.
“For me a security information professional, it’s embarrassing to admit that I got scammed,” said computer expert Michael Schearer.
Schearer’s road to embarrassment began when he used sent a tweet on Twitter to Pay Pal, asking for help with his account. What he didn’t know was the person who contacted him back was a scammer using a fake twitter handle.
“They took the images and all of the information from the legit pay pal help account and just copied into their profile so it looked the same,” explained Schearer.
According to security expert Christopher Burgess, scammers will pose as customer service agents and ask for your email address. Then they’ll enter it on a site’s password retrieval page to gain more information.
“Now that he’s got the email address, the cyber criminal comes over here to his terminal, goes to that same page that you’re on, puts in your email address and then says, okay I’ve sent you to your code,” said Burgess.
The code is sent in a text message to your cellphone. The scammer will ask you to verify the code and it’s then that you’ve got a big problem.
“They were able to reset my password, log into my account and make a fraudulent purchase,” said Schearer.
The best way to avoid this is to only seek help on a company’s actual website and never give up codes you receive during the authentication process.
Here is a statement I received Monday night from a PayPal spokesman:
At PayPal, we offer 100% protection for the unauthorized use of your PayPal account. We are vigilant in our efforts to report all false PayPal handles or Facebook pages and work with Twitter and Facebook to have them removed, if possible. We encourage our customers to look for the “verified” Twitter symbol that indicates trusted brands or people. We also remind our customers never to give out their password or other personal information over Twitter or on Facebook. PayPal will only ever require your password or verification code to log into your account.
Do you have a story you want me to check out? Call 1-844-77-JESSE (53773) or send me a message here. I’ll be part of KIRO 7 Eyewitness News most weekdays at 5:15 p.m. You can also check out my Facebook page and click here to follow me on Twitter.
