Skip to Content
© motortion | Dreamstime.com
Security & privacy

Answering this call can hack your bank account – Here’s how it works

Two-factor authentication (2FA) is one of the best ways to prevent criminals from breaching your accounts. For platforms like Google, you are often required to enter the 2FA code when signing into a new device. Tap or click here to see how your texts could be hijacked.

This has been optional for the most part, but Google is now automatically enrolling users to make their accounts safer. This can be turned off, but the automatic rollout has already begun.

But cybercriminals are constantly finding ways to rip people off. There is a new, sophisticated trick that not only allows hackers access to your account but it bypasses the 2FA process. Keep reading for details.

Here’s the backstory

Two-factor authentication adds a layer of security to your accounts. You need to enter credentials to log in but also a code that only you have access to.

But a shocking new trend on cybercrime forums has been raising the eyebrows of security experts. An investigation by Motherboard revealed that hackers had employed bots to help bypass the 2FA process.

The hack requires a victim to willingly hand over their 2FA or authentication codes, and it’s much easier than it sounds. Motherboard received a call from PayPal that an attempted purchase of $58.82 was made from their account.

“In order to secure your account, please enter the code we have sent your mobile device now,” the bot explained. When the code was entered, a swift response said: “Thank you, your account has been secured and this request has been blocked.”

The problem is it wasn’t PayPal at all. It was a bot delivering the message on behalf of cybercriminals. If you hand over the authentication code sent to your phone, the criminal could use it to get into your account.

A crook needs your phone number, email address and log-in credentials to an account to successfully pull off this scam. They can get much of this information through data breaches or leaks that result in your details posted on the Dark Web. It’s an elaborate scheme, but it works.

What you can do about it

Two-factor authentication remains a reliable way to protect your assets. And since this hack requires your input, you can fight against it. Here are some ways that you can stay safe:

  • If you receive a call about an attempted purchase or breach, hang up the phone. Next, call the company directly on an official number for more details.
  • Never give out personal information over the phone. Criminals often rely on you to panick and make mistakes. Relax and think about what’s happening logically.
  • Never click on a link in an unsolicited text message or email. And don’t download or open attachments.

Keep reading

7 essential Android security settings: 2FA, spot shady apps, stop location tracking

Nasty malware steals banking passwords and 2FA codes

Komando.com App background

Check out the free Komando.com App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Download Now