{"id":27058,"date":"2024-02-08T07:42:25","date_gmt":"2024-02-08T12:42:25","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/unexpected-login-codes-otp-2fa\/27058\/"},"modified":"2024-02-09T16:02:30","modified_gmt":"2024-02-09T10:32:30","slug":"unexpected-login-codes-otp-2fa","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/unexpected-login-codes-otp-2fa\/27058\/","title":{"rendered":"What to do when you receive unsolicited messages containing login codes"},"content":{"rendered":"<p>Over the past few years, we\u2019ve become accustomed to logging into important websites and apps, such as online banking ones, using both a password and one other verification method. This could be a one-time password (OTP) sent via a text message, email or push notification; a code from an <a href=\"https:\/\/www.kaspersky.com\/blog\/types-of-two-factor-authentication\/48446\/\" target=\"_blank\" rel=\"noopener nofollow\">authenticator app<\/a>; or even a special USB device\u00a0(\u201ctoken\u201d). This method of logging in is called <a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-two-factor-authentication\/48289\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> (2FA), and it makes hacking much more difficult: stealing or guessing a password alone is no longer sufficient to hijack an account. But what should you do if you haven\u2019t tried to log in anywhere yet suddenly receive a one-time code or a request to enter it?<\/p>\n<p>There are three reasons why this situation might occur:<\/p>\n<ol>\n<li><strong>A hacking attempt.<\/strong> Hackers have somehow learned, guessed, or stolen your password and are now trying to use it to access your account. 
You\u2019ve received a legitimate message from the service they are trying to access.<\/li>\n<li><strong>Preparation for a hack.<\/strong> Hackers have either learned your password or are trying to trick you into revealing it, in which case the OTP message is a form of phishing. The message is fake, although it may look very similar to a genuine one.<\/li>\n<li><strong>Just a mistake. <\/strong>Sometimes online services are set up to first request a confirmation code from a text message, and then a password, or authenticate with just one code. In this case, another user could have made a typo and entered your phone\/email instead of theirs\u00a0\u2014 and you receive the code.<\/li>\n<\/ol>\n<p>As you can see, there may be a malicious intent behind this message. But the good news is that at this stage, there has been no irreparable damage, and by taking the right action you can avoid any trouble.<\/p>\n<h2>What to do when you receive a code request<\/h2>\n<p>Most importantly, <strong>don\u2019t click<\/strong> the confirmation button if the message is in the \u201cYes\/No\u201d form, <strong>don\u2019t log in anywhere<\/strong>, and <strong>don\u2019t share any received codes with anyone<\/strong>.<\/p>\n<p>If the code request message contains links, don\u2019t follow them.<\/p>\n<p>These are the most essential rules to follow. As long as you don\u2019t confirm your login, your account is safe. However, it\u2019s highly likely that your account\u2019s password is known to attackers. Therefore, the next thing to do is change the password for this account. Go to the relevant service by entering its web address manually \u2014 not by following a link. Enter your password, get a new (this is important!) confirmation code, and enter it. Then find the password settings and set a new, <a href=\"https:\/\/www.kaspersky.com\/blog\/strong-password-day\/25519\/\" target=\"_blank\" rel=\"noopener nofollow\">strong password<\/a>. 
If you use the same password for other accounts, you\u2019d need to change the password for them, too\u00a0\u2014 but make sure to create a unique password for each account. We understand that it\u2019s difficult to remember so many passwords, so we highly recommend storing them in a dedicated <a href=\"https:\/\/www.kaspersky.co.in\/password-manager?icid=in_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">password manager<\/a>.<\/p>\n<p>This stage\u00a0\u2014 changing your passwords\u00a0\u2014 is not so urgent. There\u2019s no need to do it in a rush, but also don\u2019t postpone it. For valuable accounts (like banking), attackers may try to intercept the OTP if it\u2019s sent via text. This is done through <a href=\"https:\/\/securelist.com\/large-scale-sim-swap-fraud\/90353\/\" target=\"_blank\" rel=\"noopener\">SIM swapping<\/a> (registering a new SIM card to your number) or launching an attack via the <a href=\"https:\/\/www.kaspersky.com\/blog\/ss7-hacked\/25529\/\" target=\"_blank\" rel=\"noopener nofollow\">operator\u2019s service network<\/a> utilizing a flaw in the SS7 communications protocol. Therefore, it\u2019s important to change the password before the bad guys attempt such an attack. In general, one-time codes sent by text are less reliable than authenticator apps and USB tokens. We recommend always using the most secure 2FA method available; a <a href=\"https:\/\/www.kaspersky.com\/blog\/types-of-two-factor-authentication\/48446\/\" target=\"_blank\" rel=\"noopener nofollow\">review of different two-factor authentication methods can be found here<\/a>.<\/p>\n<h2>What to do if you\u2019re receiving a lot of OTP requests<\/h2>\n<p>In an attempt to make you confirm a login, hackers may bombard you with codes. 
They try to log in to the account again and again, hoping that you\u2019ll either make a mistake and click \u201cConfirm\u201d, or go to the service and disable 2FA out of annoyance. It\u2019s important to keep cool and do neither. The best thing to do is go to the service\u2019s site as described above (open the site manually, not through a link) and quickly change the password; but for this, you\u2019ll need to receive and enter your own, legitimate OTP. Some authentication requests (for example, warnings about logging into Google services) have a separate \u201cNo, it\u2019s not me\u201d button\u00a0\u2014 usually, this button causes the service\u2019s automated systems to block the attacker and any new 2FA requests. Another option, albeit not the most convenient one, would be to switch the phone to silent or even airplane mode for half an hour or so until the wave of codes subsides.<\/p>\n<h2>What to do if you accidentally confirm a stranger\u2019s login<\/h2>\n<p>This is the worst-case scenario, as you\u2019ve likely allowed an attacker into your account. Attackers act quickly in changing settings and passwords, so you\u2019ll have to play catch-up and deal with the consequences of the hack. We\u2019ve provided advice for this scenario <a href=\"https:\/\/www.kaspersky.com\/blog\/tips-for-hacked-account\/36760\/\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a>.<\/p>\n<h2>How to protect yourself?<\/h2>\n<p>The best method of defense in this case is to stay one step ahead of the criminals: <a href=\"https:\/\/en.wikipedia.org\/wiki\/Si_vis_pacem,_para_bellum\" target=\"_blank\" rel=\"nofollow noopener\">si vis pacem, para bellum<\/a>. This is where <a href=\"https:\/\/www.kaspersky.co.in\/premium?icid=in_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">our security solution<\/a> comes in handy. 
It tracks leaks of your accounts linked to both email addresses and phone numbers, including on the dark web. You can add the phone numbers and email addresses of all your family members, and if any account data becomes public or is discovered in leaked databases, <a href=\"https:\/\/www.kaspersky.co.in\/premium?icid=in_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a>\u00a0will alert you and give advice on what to do.<\/p>\n<p>Included in the subscription, <a href=\"https:\/\/www.kaspersky.co.in\/password-manager?icid=in_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener\">Kaspersky Password Manager<\/a>\u00a0will warn you about compromised passwords and help you change them, generating new uncrackable passwords for you. You can also add two-factor authentication tokens to it or easily transfer them from Google Authenticator in a few clicks. Secure storage for your personal documents will safeguard your most important documents and files, such as passport scans or personal photos, in encrypted form so that only you can access them.<\/p>\n<p>Moreover, your logins, passwords, authentication codes and saved documents will be available from any of your devices\u00a0\u2014 computer, smartphone or tablet\u00a0\u2014 so even if you somehow lose your phone, you\u2019ll lose neither your data nor access, and you\u2019ll be able to easily restore them on a new device. And to access all your data, you only need to remember one password\u00a0\u2014 the main one\u00a0\u2014 which isn\u2019t stored anywhere except in your head and is used for banking-standard AES data encryption.<\/p>\n<p>With the \u201czero disclosure principle\u201d, no one can access your passwords or data\u00a0\u2014 not even Kaspersky employees. 
The reliability and effectiveness of our security solutions have been confirmed by numerous <a href=\"https:\/\/www.kaspersky.com\/top3\" target=\"_blank\" rel=\"noopener nofollow\">independent tests<\/a>, with one recent example being our home protection solutions having received the highest award\u00a0\u2014 <a href=\"https:\/\/www.kaspersky.com\/blog\/kaspersky-product-of-the-year-2023-av-comparatives\/50292\/\" target=\"_blank\" rel=\"noopener nofollow\">Product of the Year 2023<\/a>\u00a0\u2014 in tests run by the independent European laboratory <a href=\"https:\/\/www.av-comparatives.org\/\" target=\"_blank\" rel=\"nofollow noopener\">AV-Comparatives<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One-time codes and two-factor authentication securely protect you from account theft. If you receive such a code or a request to enter it when you aren\u2019t logging in, it may be an attempt to hack into your 
account.<\/p>\n","protected":false},"author":2722,"featured_media":27059,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2196,9],"tags":[1181,3357,187,76,46,54,527,1898],"class_list":{"0":"post-27058","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-tips","9":"tag-2fa","10":"tag-otp","11":"tag-passwords","12":"tag-phishing","13":"tag-sms","14":"tag-text-messages","15":"tag-threats","16":"tag-tips"},"hreflang":[{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/unexpected-login-codes-otp-2fa\/27058\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/unexpected-login-codes-otp-2fa\/22368\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/unexpected-login-codes-otp-2fa\/11408\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/unexpected-login-codes-otp-2fa\/29724\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/unexpected-login-codes-otp-2fa\/27230\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/unexpected-login-codes-otp-2fa\/27031\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/unexpected-login-codes-otp-2fa\/29635\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/unexpected-login-codes-otp-2fa\/28527\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/unexpected-login-codes-otp-2fa\/36946\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/unexpected-login-codes-otp-2fa\/12049\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/unexpected-login-codes-otp-2fa\/50526\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/unexpected-login-codes-otp-2fa\/21519\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/unexpected-login-codes-otp-2fa\/22235\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky
.de\/blog\/unexpected-login-codes-otp-2fa\/30889\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/unexpected-login-codes-otp-2fa\/35805\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/unexpected-login-codes-otp-2fa\/27439\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/unexpected-login-codes-otp-2fa\/33240\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/unexpected-login-codes-otp-2fa\/32863\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.in\/blog\/tag\/2fa\/","name":"2FA"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/27058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/comments?post=27058"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/27058\/revisions"}],"predecessor-version":[{"id":27060,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/posts\/27058\/revisions\/27060"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media\/27059"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/media?parent=27058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/categories?post=27058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.in\/blog\/wp-json\/wp\/v2\/tags?post=27058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}