A telecom operator inserted an advertisement into an SMS carrying a Google authorization code

SMS is considered far from the most secure form of two-factor authentication, and a recent case proves this once again. Action Launcher developer Chris Lacy tweeted that the SMS carrying his Google 2FA verification code also contained an ad for a VPN service. In addition to the code, the received SMS included a short link, and apparently one of the Australian mobile operators is responsible.

I just received a two factor authentication SMS from Google that included an ad. Google’s own Messages SMS app flagged it as spam.

What a shameful money grab. pic.twitter.com/NeStIndR6q

— Chris Lacy (@chrismlacy) June 29, 2021

One could assume that this was just another phishing attempt, but the verification code turned out to be valid, and the Messages application marked the incoming SMS as spam. Extra spaces in the text are a further sign that the ad did not come from Google, which is unlikely to allow itself to insert ads into such important notifications. 9to5Google was unable to reproduce the behavior when requesting a 2FA code by SMS. Perhaps targeting is being used here, which makes the situation even more suspicious. At the moment, Google is investigating the incident and looking for the responsible telecom operator.
