Two-Factor Authentication Scam

What is two-factor authentication?

Two-Factor Authentication usually involves sending a code to your mobile device after you’ve entered your username and password into a website that has enabled two-factor authentication. After a successful username/password entry, the system will ask for a confirmation code sent via text/SMS to sign in.

How does a Two-Factor Authentication scam work?

To take over your account, the scammers need to obtain your username, password, and your authentication code. There are many ways the fraudsters may have gotten ahold of your username and password and the last piece of information they need to take over your account is the authentication code.

To get that code, scammers may send you an email or a text message impersonating AgFed or another financial institution you may bank with. They may claim that your account has been compromised. Next, the fraudster will request that you provide them with the authorization code you are about to receive to confirm your identity. The scammers attempt a login to the target website using your username/password. That login triggers a text message to you containing the authentication code. If you give this code to the scammers, they can gain full access to your bank account.

How can you protect yourself?

• DO NOT email, re-text, or otherwise provide your authorization code.
• Don’t give out any personal information in response to a text.
• Remember: AgFed will never ask you for your one-time verification code, account number, your PIN number, or other personal identification information
• If you are receiving authorization codes to your mobile device, don’t share them, your account may have had the password compromised. Change the password for that account by directly logging in to that website.

If you have questions about fraud or feel you’ve been a victim of fraud, please contact us at 202-479-2270 or email us at members@agfed.org.

« Back