LAS VEGAS, Nev. (FOX5) – Those digital codes you get on your phone when you log on to some sites and services are designed to prevent fraud.
But now bad actors are using those same codes to perpetrate a crime.
Here’s how it works: You’ll get an email or test message with a device code for a site or service you use regularly. It’ll look just like the real thing, but it’s fake. It’ll instruct you to click a link and log in. But, cybercriminals have attached their email address to yours. So, when you log in using that link, you give them access to your account and all your details — including your payment information.
To avoid falling victim to this type of phishing scam, never log in to a site using a device code you didn’t ask for. Remember — codes do not generate without a request. If you get one you didn’t ask for, there’s probably a bad actor on the other end.
Use multifactor authentication on all your accounts to add another layer of security. If you get this type of message, report it!
The Federal Trade Commission makes reporting and learning about scam protection easy. The FBI also has good information on its site, and you can report all sorts of cybercrime to its Internet Crime Complaint Center
Copyright 2025 KVVU. All rights reserved.
