OTP codes have two common use cases:
1) Verifying the identity of a user that contacts the support team (phone / chat)
2) Verifying the identity of a user logging in / performing step-up authentication on a system
Malicious actors very commonly contact an end-user under the guise of being a legitimate support team member and ask the end-user to provide the OTP code that was just sent. Appending the applicable text below to the OTP message mitigates the risk of users falling for this attack vector:
1) "ExampleCo staff will ask for this code"
2) "ExampleCo staff will NOT ask for this code"