Verification Codes Should Be Used Only on Login Pages, FTC Warns
“Don’t send verification codes to anyone via text or email,” wrote Kristin Cohen, chief of the FTC's Office of Technology Research and Investigation, in a blog post Wednesday. Verification codes should be used only on the login page, Cohen said. Individuals who get a verification code they didn’t request should tell the provider, she said, because it could be a sign someone is tampering with the account. It’s possible a hacker with an individual’s email address and mobile number can pretend to be an individual’s email provider and send a text asking for a verification code to unlock the email account, Cohen said. The hacker can learn a lot of information looking through an email account or change email settings so emails are forwarded directly to the hacker, she said.