Current Trend: Attackers targeting customers’ MFA codes

By Elvis Huff on May 12, 2022
3 minute read

There are many ways you can be victimized by cybercriminals. Currently, we are seeing attackers use this MFA attack on their victims. Read more below on how this works and what you can do to protect yourself.

MFA Attack

Always remember, there are many ways you can be become victimized, this is one of many ways attackers target their victims.

The attack starts with a text, email or phone call to the victim impersonating the victim’s bank. The content of the message implies that there will be further communication needed from the victim about their account. The victim believes the communication is from their bank. In the meantime, everything is functioning normally.

Next, the attacker calls, texts or instant messages the victim to get their MFA 2 factor code when signing in to their account. The attacker references the content of the first message to the victim and simply asks for the code that is sent to the victim. The victim, believing this is legitimate, due to the first communication, provides the attacker with the code.

What happened?

The victim, believing they were talking to their bank provided their MFA code, unique to only them, and allowed the attacker to login using the victim’s username and password. The attacker already had the username and password but did not have the unique one time code. Thus, the attacker had to cleverly find a way to get the victim to provide it. How? The attacker had to first plant a seed with the victim, indicating that further communication would be coming. The victim, believed the first message, because it did not ask for anything, and therefore believed the further communications when the attacker sent them. The victim had trust for the first and later messages.

What can you do?

Remember, Wilson Bank will NEVER ask you for any of the following sensitive information:

  • Account Number
  • Existing Security Words
  • PIN Numbers
  • One time passcodes
  • Checking account information

Additionally, Wilson Bank participates in the American Bankers Association’s Annual #BanksNeverAskThat campaign. I have written about this so be sure to check out this article here!


If you get a suspicious call, text, message, email or letter asking for sensitive information, please reach out to Wilson Bank at any one of our friendly branches, our call center at (844) WBT-BANK (844-928-2265), our mobile app, or website. We will happily answer your questions and assist you in verifying the legitimacy of the request.

Want to know more?

Watch this illustrative video on this attack here.


Wilson Bank and Trust is here for you. Should you need help, please do not hesitate to reach out to us online at, our mobile app, or call us at (844) WBT-BANK (844-928-2265).

Have another thought, tip or suggestion? Leave it in the comments below. I would love to hear from you!

Posted by Elvis Huff

Elvis Huff worked as an officer and network administrator for 12 years with the Lebanon Police Department and has also served as an adjunct professor in information systems at Cumberland University. Read More »

Leave a reply

Your email address will not be published. Required fields are marked *