The Better Business Bureau (BBB) is warning consumers that even difficult-to-hack passwords aren’t enough to stop scammers these days.
‘That’s why the Better Business Bureau is teaming up with the White House, the National Cyber Security Alliance, and dozens of public and private sector organizations to call on consumers and businesses to ‘Lock Down Your Login,” a campaign the group announced in a statement on its website.
For whatever reason, smartphones have caused consumers to let their guard down when it comes to sharing and protecting personal and sensitive information.
The “Lock Down Your Login” campaign is an effort to encourage people to use two-factor authentication for every account — and to take these types of threats seriously.
Criminals are finding new ways to con Americans out of money every day, and they’re using our everyday activities to try to catch us off guard — including social media, text message, email, phone call and pretty much every other method of communication.
Why you need 2-factor authentication for every online account
Any time you log in to any online account, whether it’s Amazon, your bank account or some other website that contains your personal info, criminals could be watching without you even realizing it. And any piece of information they can pick up about you could help give them access to what they’re really after — your money.
With the majority of Americans now accessing accounts and sharing information via mobile devices, hackers are targeting these methods specifically.
So it’s important to text extra steps to protect your information online and the information you access on your devices — and many sites now offer two-factor authentication to add in another layer of security.
Two-factor authentication (sometimes called two-step authentication) requires you to take an extra step to authenticate who you are when you sign in or when you are doing a transaction. It’s sometimes also referred to as two-step authentication.
The extra step just depends on the company or website, so it could be a unique code that’s texted your cell phone or unique password you have to give when authorizing anything over the phone.
Whatever the extra step is, opt in for it! It’s another layer off security for you and your money!
Bill Fanelli, chief security officer with the Council of Better Business Bureaus, explained two-factor authentication in the BBB’s release about the new campaign:
“2FA means using any two of something you know (such as a password or PIN; plus something you have (a phone, a USB security key), or something you are (fingerprint, facial recognition). To add two-factor authentication to your phone, you can use a fingerprint (something you are) and a PIN (something youknow). To access your email, you can put in a password (something you know) and receive a text message with a code to enter (this proves you have your phone). You can usually authorize the website to remember frequently used devices so you won’t have to enter a code every time you log in. Many websites will notify you by email or text if someone logs on from a different device.”
According to a study a few months ago, people are three times more likely to respond to spam they receive on their smartphone than they are to respond by desktop or laptop.
That’s a big problem — because what many people don’t realize is that as our methods of communication have evolved, so have the scammers.
According to a recent warning put out by the AARP, “more than a quarter of text-message spam — such as free gift cards, cheap medications and similar text-message come-ons — is intended to criminally defraud you, compared with only about 10% of spam arriving by email.”
The AARP says many of these spam texts — that often come in the form of ‘great’ offers — will lead you to ‘shady websites that install malware on your phone or otherwise seek to steal sensitive details for identity theft.’
How to protect yourself from online scams
Text message scams continue to cause problems
Scammers are increasingly using text messages to steal people’s bank and other account information — because it still works.
Since texting is more of a personal method of communication, consumers often feel that they can trust the person on the other end — but that is not the case.
Thieves use technology that allows them to call and text you from what appears to be a number you recognize, maybe your bank — and even when you click the link in the text, the website you land on looks just like your bank’s official website and/or log in page.
Text & email scams
Text message and email scams typically have the same intention — to gain enough information from you in order to steal your identity or other personal data like your banking information.
And since many people don’t associate their smartphones with the risk of fraud, criminals are catching them off guard.
So to help you protect yourself, here are some tips to avoid these scams:
- Never reply to a text from an unknown number — not even to ‘stop’ future messages: If it’s a scammer, it just confirms to the criminals that you are a live, real person and they’ll continue to try to scam you.
- Never click on any links — sent via email or text — that you weren’t expecting or that come from a number/address you don’t recognize.
- Install and regularly update anti-malware software on your smartphone: Here’s a list of the best mobile security software options from Consumer Reports.
- You can forward any suspicious texts to 7726 (‘spam’ on most keypads) to alert your carrier about the number that sent you the spam. Then make sure to delete the texts after you’ve passed the information along.
Just like scammers call your home phone (if you have one), they’re also trying to get to you via smartphone. So before you call back an unknown number, or even someone claiming to be from a company you do business with, there are a few things you need to know.
Common phone scams to avoid on your smartphone:
- One-ring scam: This is when criminals use robocalling technology to place Internet calls that only ring once to cell phones. If you pick up, the robocaller just drops the line. But the bigger danger is if you miss the call. Like so many people, you might think it’s an important call and dial that number right back — but don’t do it!
- Turns out the area codes are in the Caribbean. That call will cost you between $15 and $30! And to add insult to injury, the criminals behind these calls will sign you up (through your cell provider) for bogus services that will be crammed on your phone bill if you return their call. See more on this scam and the area codes to look out for here.
- IRS phone scam: If you receive a call from someone claiming to be from the IRS threatening you, don’t fall for it! The IRS will never threaten you or demand payment over the phone. According to the IRS, official IRS correspondence is sent through U.S. mail only. So this means the IRS will not contact you by email either. If you aren’t sure, here’s an example of what a fake IRS phone call sounds like.
To protect your device from hackers and malware, check our guide of free mobile protection options.