The “Two-Factor Verification” scam is a phishing email pretending to be from a legitimate service provider such as Google, Microsoft, or Dropbox. The subject line usually contains some variation of “Two Factor Verification” or “Action Required: 2FA Secure Authentication Re-validation”.
The email claims that you must re-authenticate or enable two-factor authentication on your account. It will provide a link to click on or a button to “Enable Extra Security.” If clicked, this will send you to a fake phishing site impersonating the real login page for that service. Phishing emails are relatively easy to detect since most of them contain the same elements, although some phishing scams can look quite convincing on the surface - there are usually signs that reveal it is malicious if you know what to look for.
Here are some tips on how to spot the “Two-Factor Verification” scam:
Look out for any of the following items that are common in phishing emails.
• Inspect the sender’s email address – Emails from companies will come from their official domain, not a random address. For example, Google uses @google.com or @accounts.google.com.
• Check for poor spelling and grammar – Phishing emails often contain typos, or grammatical errors.
• Verify the links before clicking – Hover over any links to see the actual URL destination. Phishing sites use lookalike URLs designed to imitate the real one.
• Look for lack of personalization – Generic greetings like “Dear user” without using your name indicate a scam. Official emails will address you directly.
• Legitimate companies generally don’t make severe threats in emails. Be suspicious of threats or urgency – fear mongering tactics like account deletion threats are used to stop logical thinking.
• Avoid clicking buttons or links – Even if it looks official, manually type out web addresses in your browser or use saved bookmarks to be safe.
• Check for inconsistencies in branding – Phishing sites often have slightly different logos, fonts, or color schemes than the actual company.
• Use an email spam filter – A good spam filter will identify and block many phishing emails before they reach you.
• Turn on two-factor authentication (2FA) – Activating 2FA adds extra login security, meaning stolen passwords are useless to scammers.
Protect your data by frequently backing it up to a hard drive or cloud service. If you access your business email on your phone, it's also wise to back up your mobile data. This ensures that you can access data even if your device is compromised. Boost your protection against phishing scams by using security or antivirus software that guards against hackers and cyber security threats. Make sure that you program automatic software updates so the program actively prevents new threats that may occur.
Now that you have a better idea on how to recognize the Signs of a Phishing Email it's important to always take a few seconds to question the legitimacy of emails before clicking on any links or providing your username, password, or other details through an unsolicited email link, these small steps can save you from potentially compromised accounts and valuable data loss.
Contact BKS Today!
