According to 9to5Google, Action Launcher developer Chris Lacy tweeted a photo on Monday of an actual two-factor authentication text message from Google with a VPN ad and included link at the end of it. Lacy said he asked for a verification code after a failed login attempt, so it wasn’t a random text, but Google Messages still flagged it as spam. Lacy received a slew of responses to his Tweet, and it appears that a phone carrier added the ad to the message, possibly as a very clever form of targeted advertising. 9to5Google said that Google is looking into the instance and noted that the ad came from an Australian phone carrier. But these types of texts could soon end since Google announced last month that it wants to move away from using text messages as an authentication method altogether. Instead, the tech giant said it would soon “start automatically enrolling users in 2SV [Two Step Verification] if their accounts are appropriately configured.” The company said its Google Prompt method (where each time you log in, you need both your password and a verification code) and built-in security technology like security keys and the Google Smart Lock app are safer alternatives to text messages. It’s no secret that phone-based authentications can be insecure since phone codes are vulnerable to sneaky interception by hackers. Phone companies have a history of being tricked into transferring phone numbers to allow criminals to get the access codes you request to be sent to your phone, which results in you getting your accounts hacked. A better alternative is using an authentication app, like Google’s Smart Lock app or FreeOTP.
