Verification Codes Should Be Used Only on Login Pages, FTC Warns
“Don’t send verification codes to anyone via text or email,” wrote Kristin Cohen, chief of the FTC's Office of Technology Research and Investigation, in a blog post Wednesday. Verification codes should be used only on the login page, Cohen said.…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Individuals who get a verification code they didn’t request should tell the provider, she said, because it could be a sign someone is tampering with the account. It’s possible a hacker with an individual’s email address and mobile number can pretend to be an individual’s email provider and send a text asking for a verification code to unlock the email account, Cohen said. The hacker can learn a lot of information looking through an email account or change email settings so emails are forwarded directly to the hacker, she said.