Two-step verification was designed to give extra security protection to online accounts including bank accounts. But a regional police force has issued a warning that scammers have been attempting to bypass even this extra security measure.
The two-factor process, which is used to verify a user's identity online, is used by banks, retailers, even social media providers, to give an extra level of protection. However, according to Leicestershire Police, there has been a sharp increase in reports of fraudsters trying to bypass the process in order to gain access to bank accounts.
The force said it had become aware of a number of recent incidents where banking security measures - officially known as two factor authentication (2FA) - have been compromised. They normally take the form of a password or PIN number to ensure only authorised people can access a bank account.
READ MORE: Ideas for £4m Arnold Market Place include greasy spoon, designer outlet and children's area
Officers said that in each case the victims had been contacted online by individuals posing as friends or family members and asked to share their 2FA code. "Recently we have seen an increase in the reporting of fraud offences where Two-Factor Authentication (2FA) codes have been obtained in order to gain access to secure accounts," said a police spokesperson.
"This can take the form of something you know, like a password or PIN; something you have, like your phone, or something you are, like a fingerprint. Typically, it involves sending a code to a registered mobile device after a user has entered their username and password into a website."
The security system is mainly used by social media organisations and banks to ensure a user's account details are kept secure and only they can gain access, reported Leicestershire Live. But police are concerned by the number of recent incidents where individuals have been duped into handing over the codes.
"In the last two weeks 14 reports have been received where people have been contacted by individuals online who they believed were family or friends and asked to share their 2FA code," said the police spokesperson. "It was later established that the accounts were compromised as the victims genuinely believed they shared the 2FA codes with someone they knew."
The stark advice the police are giving is to to never share your 2FA code with anyone else - whoever they claim to be and whatever the circumstances. They insist this is by far the best way to prevent becoming the next fraud victim.
"The simple advice is never share your 2FA code with anyone!" said the force spokesperson. If you believe you have been the victim of this fraud contact Action Fraud www.actionfraud.police.uk to report the incident.
.png?w=600)
