Protect your 2FA codes along with your password!
Google recently removed a malicious app from their Google Play store. The app, “2FA Authenticator” was available for download for 2 weeks and was downloaded more than 10,000 times.
Hackers used the fully functional 2FA Authenticator app to not only deliver two-factor authentication (2FA) codes but it also downloaded a virus giving the hackers remote access to the user's phone. The virus uses keylogging and screen captures in order to steal banking credentials and financial information from the unsuspecting user. Anyone who downloaded the software is advised to remove the app from their Android phone, change their bank credentials, and scan their phone for malicious software that may still reside on their Android.
State Street Bank does NOT utilize the ‘2FA Authenticator’ software. We support the 'Authy Authenticator App' for our Digital Banking platform. Authy is highly regarded and considered to offer the best combination of compatibility, usability, security, and reliability.
You should always be careful about the applications that you download from the Android or Apple stores. Additionally, you should also protect any 2FA codes you receive, similarly to how you protect your passwords. No one should ask for your password, and the same is true for 2FA codes.
For example, in attempt to hack into your account, a scammer may click the ‘reset password’ link in order to change the password for your Amazon account. When the fraudster encounters a prompt for a 2FA code that was sent to your cell phone, they will call you impersonating an Amazon support person. Representatives that support Amazon will never ask for your account password or a 2FA verification code. The same is true for all companies (i.e. Banks, Venmo, PayPal, Coinbase, etc.).