Avoid Clicking Links and Never Share Codes

May 6, 2025

Cybercriminals are always finding new ways to steal sensitive data, but two tried-and-true tactics continue to dominate, causing financial losses for individuals, families and businesses:

  • Embedding text messages with malicious links.
  • Compelling victims to share sensitive codes.

Read on to learn more about the risks associated with this type of scam and what you can do to protect yourself and your community from falling into a fraud trap.

The Dangers of Clicking Links in Text Messages

Phishing Attacks: Cybercriminals often send text messages containing links that appear to be from legitimate sources, such as banks, delivery services or social media platforms. These links can lead to fake websites designed to steal your personal information, such as login credentials, credit card numbers or other sensitive data.
Malware Installation: Clicking on suspicious links may result in malware being installed on your device. Malware can compromise your device's security, steal data, including contacts and photos, and even give hackers remote access to your device.

How to Stay Safe

Verify the Source: If you receive a text message with a link, don’t click it.  Instead, contact the company directly using a known phone number or website.
Look for Red Flags: Be wary of messages that contain urgent language, spelling errors or links that look unusual or suspicious.
Use Security Software: Install and regularly update security software on your devices to help detect and block malicious links.

The Risks of Sharing Sensitive Codes

In the wrong hands, certain codes can be door-openers that give threat actors access to financial accounts, networks and other digital properties. Two types of codes are especially enticing to fraudsters.

Multi-Factor Authentication (MFA) codes add an extra layer of security by requiring users to provide two or more verification factors. This is typically something you know (like a password), something you have (like a code sent to your phone) or something you are (like a fingerprint).

Secure Access Codes (SAC) are often used as one of these factors—usually a temporary code sent via text, email or app—to confirm the user’s identity during login or sensitive transactions.

Why Sharing Codes is Dangerous

Unauthorized Access: Sharing your codes can allow cybercriminals to bypass the additional security layer and gain access to your account numbers using the code that was intended for you.
Identity Theft: Once hackers have access to your accounts, they can steal your personal information, leading to identity theft and financial loss.

How to Stay Safe

Genuine Alerts Don’t Include Links: Remember, genuine fraud alerts will never prompt you to click a link.
Keep Codes Private: Never share your codes with anyone, even if they claim to be from a trusted organization or source.
Enable MFA: Ensure MFA is enabled on all your accounts to provide an extra layer of security.
Be Skeptical: If you receive a request for your code, pause and evaluate where the request is coming from by contacting the organization directly.
If You Have Shared Your MFA or SAC: Contact your bank immediately. The institution may need to block your account and/or disable your credit card to prevent further fraud.

Staying vigilant and cautious can significantly reduce the risk of falling victim to cybercrime. By avoiding clicking on suspicious links in text messages and keeping your MFA and SAC codes private, you can protect your personal information and maintain your digital security.

Remember, when in doubt, always verify the source and legitimacy of any request for your information.

If you have any questions or need assistance, please contact Bank Iowa directly.