Warning: If you’re receiving verification codes that you didn’t ask for, it could be due to hackers trying to infiltrate your user account!
However, it’s not always that urgent.
The other explanation is that someone gave your phone number for verification purposes in place of their own by accident.
The second scenario is annoying but ultimately harmful, and should resolve itself shortly after the person realizes their mistake!
However, the first possibility is still definitely alarming, and as such you need to take proper action right away to make sure you’re safe.
In the past, anyone that got a hold of your password could access your account.
And unfortunately, people had passwords so simple that it didn’t take much effort to crack at all!
A close acquaintance or work colleague with malicious intent only needed to key in your birthday or something similarly easy-to-guess to gain access.
(“1-2-3-4”, or “password”, anyone?)
Multiple repeated cases and increased media exposure opened peoples’ eyes to the importance of strong passcodes.
Not to be outdone, hackers responded (and continue to respond) by becoming increasingly creative and deploying sophisticated code and programs to crack those stronger security measures!
And as these attacks got more and more powerful, account protection efforts led to the invention of two-step verification (or 2FA).
Two-step verification is a secure way of logging in to your profile or user account for a whole variety of apps, websites, and platforms.
It relies on both a password and contact number- hence the “2-step” aspect.
Two-step verification is activated each time you log into your account. When you have the feature enabled, a code is set to your phone the moment you key in your password.
You’ll then need to provide that code (usually within a set amount of time) to gain access to your account.
The idea is that a hacker may crack your password, but they cannot physically access your phone for that second code!
Two-step verification is a quick process; an extra measure to keep your account safe.
However, it can be triggered by accident when someone gives your phone number to receive a code.
Though it’s a bit jarring when that text message arrives out of the blue, you usually have nothing to worry about in this scenario!
Note that this kind of mistake usually occurs in cases of account recovery attempts.
In account login situations, the system already has the correct contact information. As such, you need to treat each verification code you receive with caution!
Since it was the system that sent the code, it’s important to recognize at this point that someone out there has your password.
There’s no need to panic just yet, as since you have two-step verification in place it won’t allow the person to just log in to your account.
Just imagine if this security measure did not exist!
It’s a pretty terrifying moment when you learn that your password is no longer a secret.
It’s vital to establish potentially how it happened so that you can plug any holes in your security:
- Did you share your password with anyone recently?
- Have you memorized the password, or do you have a soft or hard copy of it stored somewhere?
- Who else has access to where you store your password, if there is a copy?
- Is the password exclusive to that one account, or does it apply to other accounts as well?
- How strong is the password, objectively?
Hackers are motivated to infiltrate people’s accounts for four main reasons:
A hacker may try to get into your online banking platform to clean out your accounts!
As brick-and-mortar banks became more secure, thieves focused their efforts on online channels.
Hacking into customer profiles allows them to transfer funds before the bank notices and freezes the funds.
A hacker with access to your account can send out malicious communication on your behalf.
If, for example, you are a respected member of your community, they could use your authority to slander another individual.
If you handle sensitive company information, hackers may try to access it through your work profile.
They may target your work profile, or use your other accounts to gain enough trust to be allowed access.
Your Google account, for instance, likely contains a good chunk of your digital life.
If hackers were to gain access to your account, they could inflict untold damage to you, those close to you- and even to your future prospects!
Such hacking attempts to your accounts will cause anyone to panic.
However, the good news is that while your password might be compromised, your account will be safe if you have the aforementioned 2FA enabled.
Your focus should now be on taking proactive steps to secure the account even further!
When you receive a verification code you had not requested personally, you need to take the following steps to protect yourself:
A two-step verification text or email will usually contain a disclaimer with a call-to-action.
The verification request may, for example, have a link to a secure page to help you cancel such login attempts.
Use it to find out more about the request, and to stop any further action at the source.
It would be best to change your password immediately after such an attempt.
A compromised password means the hacker will keep trying to access your account. If they attempt again in the future, you may unknowingly let them in.
Besides changing your password, it’s important to check if the hacker accessed any other part of your account.
Google, for instance, has an account activity section that shows you what devices are linked to your account. You can review login activity to ensure that the account is secure.
It’s important to report any suspicious activity through the proper channels.
If the hacker attempted to steal through your online profile, notify your bank immediately. The same applies to your work profile.
Such hacking attempts may be isolated incidents or coordinated attacks on your accounts, your employer, or your bank.
It’s definitely a good idea to take further steps in securing your accounts from future attacks.
Today’s best defenses may soon be compromised as hackers develop bolder and more sophisticated tactics.
Here are some things you can do to protect your accounts:
When creating a password, come up with one that contains 12 characters with a mix of uppercase and lowercase letters, numbers, and special characters.
Do not include a name, address, date, birthday, or location as part of those characters!
If the password contains a word, then misspelling it on purpose is a great way to strengthen the code.
It would be best to memorize your password, rather than store it on your computer or in a notebook.
While it may seem complicated, ensuring no password copy exists lowers its vulnerability.
If it proves too difficult to memorize a password, invest in a robust Password Keeper app such as 1Password.
Ensure you use one from a recognized developer for assured security.
Get into the habit of denying browsers and apps the permission to save your password.
Websites and apps may ask you to save your password for convenience on the next login. That, however, leaves room for hackers to stumble upon it!
Additionally, it’s a good move to change your passwords once every three months.
Changing the password also logs you out of any browsers you may have left open and vulnerable.
As the admin, you have access to account activity information. This feature can help you to identify hacking attempts.
By reviewing account activity regularly, you have the opportunity to stop a hacker in his tracks before he does any real damage!
Finally, ensure that all your user accounts and profiles have two-step verification enabled as default.
The account you think would be of little interest to hackers is actually the opening to your more sensitive information- so lock those doors!
When you keep getting verification codes texted to you that you didn’t request, and suspect that something’s wrong as a result- try not to panic!
It’s a scary situation for sure, but in many instances it’s nothing that you need to be overly worried about.
With two-step verification, your accounts should remain secure from bad actors.
Verification codes are sent either by accident or on purpose.If someone gave your contact information instead of theirs by mistake, then it’s completely harmless.
If, however, there were multiple attempts to access your account, you need to take immediate action to stop the potential hackers.
Follow the prompts contained within the notification emails to cancel the attempt to access your account.
Then, apply each of the security measures detailed in the section above to properly safeguard your account!