Don’t Fall for This Fake Authentication App Scam
Fraudsters have discovered a new category of targeting apps in mobile app stores: authenticator apps. As several websites warn against using SMS to obtain login authentication codes , scammers have begun creating fake authentication apps that target users (and their money). While it’s frustrating to see attackers actually cashing in on people’s attempts to harden their digital security, there are simple steps you can take to protect yourself.
How Authenticator App Fraud Works
Mysk, a security blog run by iOS developers, talked about this twitter scam : When you search for popular authentication apps like Google Authenticator or Microsoft Authenticator, scammers buy sponsored results at the top, so the first app in the results might actually be fake. Once you download these scam apps, you will inevitably be asked to pay obscene fees like $40 a month to get login codes. (It goes without saying that you can get these codes for free from legitimate apps.)
Both Apple and Google have been actively removing some of these fake apps, but scammers will always find ways to put these authenticators back on the market with a different avatar. Typically, rogue apps share a padlock icon and use the name “Authenticator” to appear genuine. Obviously, there is little room for creativity in the world of scammers.
How You Can Avoid Fake Authenticator Apps
You can easily bypass these scammers by following a few steps. First, don’t trust the first search result in the App Store on iPhone or the Google Play Store on Android. Even if the first app seems legit, you should click on the developer’s name to make sure they’re real. For example, Google LLC is the developer of Google Authenticator.
Second, do a quick web search to find your favorite authentication apps. As long as you end up on the official Google or Microsoft download pages for their authenticator apps, you will be redirected to the right app on your phone.
The best precaution against these rogue apps is to use the popular option and avoid unknown apps. If you have an obscure authentication app on your smartphone, you can uninstall it the moment it asks you to pay. All the best authentication apps are free , or at least offer a free version.
Finally, you can bypass these scammers’ attempts to rob you by using apps with built-in two-factor authentication. You can try services like1Password , Bitwarden , or Apple’s own iCloud Keychain . They all support authentication codes along with password management, and an integrated solution might work best for most people.