Scammers have found a new category of apps to target on mobile app stores: authenticator apps. As several websites caution against using SMS to receive login authentication codes, scammers have started creating spurious authenticator apps to target users (and their money). While it’s frustrating to see bad actors actually profiting off of people’s attempts to shore up their digital security, there are easy steps you can take to protect yourself.
How the authenticator app scam works
Mysk, a security blog run by iOS developers, highlighted this scam on Twitter: When you search for popular authenticator apps, such as Google Authenticator or Microsoft Authenticator, scammers buy the sponsored results at the top, so the first app in the results may actually be fake. Once you download these scam apps, you’ll inevitably be asked to pay an obscene fee, such as $40 per month, to receive login codes. (It goes without saying you can get these codes for free from legitimate apps.)
Both Apple and Google have been proactive in removing some of these fake apps, but scammers will always find ways to put these authenticators on the market again under a different guise. Usually, the scam apps have a generic-looking lock icon and use the name “Authenticator” to appear genuine. There’s little room for creativity in a scammer’s world, apparently.
How you can avoid fake authenticator apps
You can easily sidestep these scammers by following a few steps. First, don’t trust the first result you see when you search the App Store on your iPhone or the Google Play store on Android. Even if the first app appears to be legit, you should click the developer’s name to see if they’re the real deal. For example, Google LLC is the developer behind Google Authenticator.
Second, do a quick search online to locate your favorite authenticator apps. As long as you end up on Google’s or Microsoft’s official download pages for their authenticator apps, you’ll be redirected to the correct app on your phone.
The best precaution against these scam apps is to go with a popular option and avoid unknown apps. If you end up with an obscure authenticator app on your smartphone, you can delete it the moment it asks you to pay. All the best authenticator apps are free, or at least offer a free version.
Lastly, you can circumvent these scammers’ attempts to rob you by using apps with built-in two-factor authenticators. You can try services such as 1Password, Bitwarden, or Apple’s own iCloud Keychain. All of these support authenticator codes along with password management, and an integrated solution may work best for most people.